[Samba] samba3.0.14a, Windows2003, ADS

Danna Dowdy Danna.Dowdy at noaa.gov
Thu May 12 19:43:31 GMT 2005 

okay....
finally got everything cleaned up and reinstalled and now wbinfo works 
like a charm.....
I am still having one problem?
I have started winbindd in interactive mode and when I try and access 
the share via my winXP client I get ......Any idea what is wrong here?

cli_net_req_chal: LSA Request Challenge from SambaServer to 
DomainController: 920DA3C24D2BB5A4
cred_session_key
cred_create
cli_net_auth2: srv:\\DomainController acct:SambaServer$ sc:2 mc: 
SambaServer chal B471454F71A2F34E neg: 400701ff
cred_create
cred_assert
cred_create
cred_create
cred_assert
NTLM CRAP authentication for user [NOS]\[danna.dowdy at NOS.NOAA] returned 
NT_STATUS_NO_SUCH_USER (PAM: 10)
[ 6785]: request interface version
[ 6785]: request location of privileged pipe
[ 6785]: ping
[ 6785]: pam auth crap domain: NOS user: danna.dowdy at NOS.NOAA
Using cleartext machine password
cred_create
cred_create
cred_assert
NTLM CRAP authentication for user [NOS]\[danna.dowdy at NOS.NOAA] returned 
NT_STATUS_NO_SUCH_USER (PAM: 10)


Michael Joyner wrote:

> Ok,
> You have TWO installations of SAMBA, this is going to cause GRIEF 
> beyond belief.
>
> Apparantly, you have one installed via RPM the other via
>  ./configure; make; make install
>
> You need to remove BOTH, completely (`rpm -qa | grep samba`)
>
> Then you need to either 1) do an RPM install, or 2) do a ./configure 
> install.
>
> After the cleanup and new fresh install, start over with brand spaken 
> new smb.conf, *.tdb's etc. :)
>
>
> Danna Dowdy wrote:
>
>> I think I may have found something wrong.....
>> I have two isntances of secrets.tdb.....
>> /usr/local/samba/private/secrets.tdb
>> /etc/samba/secrets.tdb
>>
>> Also, my smb.conf file was created in /usr/local/samba/lib/ ?  It 
>> appears that wbinfo is looking for it in /etc/samba but samba is 
>> looking for it in /usr/local/samba/lib.
>> I'm not sure where these files are supposed to be?
>>
>>
>> Michael Joyner wrote:
>>
>>> I had a problem with winbind talking to one to my ADS here,
>>> not exactly like your situation, but the following might work, READ 
>>> THE WARNING, YMMV:
>>>
>>> stop winbind
>>> stop nmb
>>> stop smb
>>>
>>> cd /var/lib/samba(*?* not sure of location on RedHat)
>>> rm -rfv winbind*
>>>
>>> # 
>>> WARNING!##############################################################
>>> # THE ABOVE WILL REMOVE ANY PREVIOUS RECORDED MAPPINGS FOR UID's ->
>>> # SID's! NEW MAPPINGS WILL BE GENERATED THAT MOST CERTAINLY WILL NOT BE
>>> # THE SAME UNLESS YOU USE
>>> # idmap backend = idmap_rid:DOMAIN=1000-100000000
>>> # idmap uid = 1000-100000000
>>> # idmap gid = 1000-100000000
>>> # PLEASE UNDERSTAND THE CONSEQUENCES OF idmap_rid BEFORE USING.
>>> # 
>>> WARNING!##############################################################
>>>
>>> rm secrets.tdb (located in /etc/samba on SuSE, RedHat ?)
>>> net -U domain_admin ads join
>>>
>>> start nmb
>>> start smb
>>> start winbind
>>>
>>> I also have "use kerberos keytab = yes" in my /etc/samba/smb.conf
>>>
>>> Danna Dowdy wrote:
>>>
>>>> Platform is RedHat....
>>>> $ ps -axc | grep winbind
>>>> 4792 ?        S      0:00 winbindd
>>>> 4793 ?        S      0:00 winbindd
>>>>
>>>>
>>>> Michael Joyner wrote:
>>>>
>>>>> wbinfo -p is trying to tell you the wrong thing. :)
>>>>>
>>>>> ps axc | grep winbind
>>>>>
>>>>> if there is no output your winbind is not running.
>>>>>
>>>>> what is your platform?
>>>>>
>>>>> SuSE, RedHat, FreeBSD, Other?
>>>>>
>>>
>>>>>> winbindd.log
>>>>>> [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415)
>>>>>>  ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired)
>>>>>> [2005/05/11 12:34:43, 1] 
>>>>>> libsmb/cliconnect.c:cli_session_setup_kerberos(539)
>>>>>>  spnego_gen_negTokenTarg failed: Ticket expired
>>>>>> [2005/05/11 12:34:43, 1] 
>>>>>> nsswitch/winbindd_ads.c:ads_cached_connection(81)
>>>>>>  ads_connect for domain DOMAIN failed: Cannot read password
>>>>>> [2005/05/11 12:34:43, 1] 
>>>>>> nsswitch/winbindd_util.c:init_domain_list(322)
>>>>>>  Could not fetch sid for our domain DOMAIN
>>>>>> [2005/05/11 12:34:43, 1] 
>>>>>> libsmb/cliconnect.c:cli_session_setup_kerberos(539)
>>>>>>  spnego_gen_negTokenTarg failed: No credentials cache found
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>

More information about the samba mailing list