# Samba + Winbind Error

## the_sphynx

I used this as my guide to get Samba talking to AD.  I have had good success until I get to the wbinfo -u and wbinfo -g steps.  It errors out and tells me:

```

graphing mrtg # wbinfo -u

Error looking up domain users

```

My log file looks like this:

```

graphing mrtg # cat /var/log/samba/log.winbindd | more

[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:54:58, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database

[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:54:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:54:58, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFEXT failed: Server not found in Kerberos database

[2005/05/25 10:55:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)

  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

[2005/05/25 10:57:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)

  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

[2005/05/25 10:57:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)

  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

[2005/05/25 10:58:09, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for nt_ccmail$@REI.CTT.COM (Server not found in Kerberos database)

[2005/05/25 10:58:09, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)

  spnego_gen_negTokenTarg failed: Server not found in Kerberos database

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFEXT failed: Server not found in Kerberos database

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFEXT failed: Server not found in Kerberos database

[2005/05/25 10:58:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:45, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database

[2005/05/25 10:58:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:54, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)

  spnego_gen_negTokenTarg failed: Server not found in Kerberos database

[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfexu-ctc02$@FNFEXT.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:55, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFEXT failed: Server not found in Kerberos database

[2005/05/25 10:58:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:55, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)

  spnego_gen_negTokenTarg failed: Server not found in Kerberos database

[2005/05/25 10:58:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)

  ads_krb5_mk_req: krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database)

[2005/05/25 10:58:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

  ads_connect for domain FNFGLOBAL failed: Server not found in Kerberos database

[2005/05/25 10:59:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)

  cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

```

My question is why is it looking at the FNFGLOBAL.LOCAL & FNFEXT.LOCAL domains?  I have FNFINC.COM in my /etc/krb5.conf as follows:

```

graphing mrtg # cat /etc/krb5.conf

[libdefaults]

   default_realm = FNFINC.COM

   [realms]

   FNFINC.COM = {

        kdc = sgcfnf-co01.fnfinc.com

   }

[domain_realm]

        fnfinc.com = FNFINC.COM

[kdc]

        profile = /etc/krb5kdc/kdc.conf

[logging]

        kdc = FILE:/var/log/krb5kdc.log

        default = FILE:/var/log/krb5lib.log

```

Any help would be greatly appreciated!

----------

## GenTimJS

krb5_get_credentials failed for sgcfnfg-dal01$@FNFGLOBAL.LOCAL (Server not found in Kerberos database) 

looks like you made a typo somewhere, or left a server identification out of a config file?

also, you need to run the "net" command as root usually when you join the kerberos realm

----------

## the_sphynx

I was able to get the machine to join the domain properly with the net command.  However, what seems to be happening is it is trying to use all of the domains that the FNFINC.COM domain trusts for password server (I am assuming this).

Here is my smb.conf:

```

graphing mrtg # cat /etc/samba/smb.conf

# This is the global configuration section

[global]

        netbios name = Graphing

        socket options = TCP_NODELAY SO_RCVBUF=16383 SO_SNDBUF=16384

        idmap uid = 10000-20000

        winbind enum users = yes

        winbind gid = 10000-20000

        workgroup = FNFINC

        os level = 20

        winbind enum groups = yes

        socket address = 170.88.217.55

        password server = SGCFNF-CO01

        preferred master = no

        winbind separator = @

        max log size = 50

        log file = /var/log/samba/log.%m

        encrypt passwords = yes

        dns proxy = no

        realm = FNFINC.COM

        security = ADS

        wins server = 10.10.1.10

        wins proxy = no

# This is the location where we define shares.

[Website]

        comment = Location of the graphing website

        writeable = yes

        path = /var/www/graphing

```

----------

