Help configuring samba appliance

Patrick Spinler spinler.patrick at mayo.edu
Thu Feb 15 16:36:42 GMT 2001 

I just tried a freshly compiled winbindd, compiled according the the
instructions in the README in the samba-appliance directory.

Unfortunately, my newly compiled winbindd doesn't appear to be able to
contact the PDC.

Same configuration as last time.  Again - does anyone have any hints
what the problem may be ?  Where do I from here to attempt to debug this
?

-- Pat

$ sudo winbindd -i -d100
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l->u = True) (u->l = True)
(--snip--)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
load_unicode_map: loading unicode map for codepage 850.
load_unicode_map: filename
/usr/local/samba/lib/codepages/unicode_map.850 does not exist.
added interface ip=172.23.52.30 bcast=172.23.53.255 nmask=255.255.254.0
added interface ip=192.168.10.0 bcast=192.168.10.255 nmask=255.255.255.0
establishing connections
server: dc=, pwdb_init=0, lsa_hnd=0
looking up dc name for domain RCHWKS
resolve_lmhosts: Attempting lmhosts lookup for name RWKSRV00<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts.
Error was No such file or directory
resolve_hosts: Attempting host lookup for name RWKSRV00<0x20>
bind succeeded on port 0
Sending a packet of len 236 to (129.176.100.175) on port 138
[000] 10 1A 39 3E C0 A8 0A 00  0B 0D 00 EC 00 00 20 46  ..9>.... ......
F
[010] 43 44 41 44 41 44 46 44  46 44 47 44 43 44 41 43  CDADADFD
FDGDCDAC
[020] 41 43 41 43 41 43 41 43  41 43 41 43 41 41 41 00  ACACACAC
ACACAAA.
[030] 20 46 43 45 44 45 49 46  48 45 4C 46 44 43 41 43   FCEDEIF
HELFDCAC
[040] 41 43 41 43 41 43 41 43  41 43 41 43 41 43 41 42  ACACACAC
ACACACAB
[050] 4C 00 FF 53 4D 42 25 00  00 00 00 00 00 00 00 00  L..SMB%.
........
[060] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........
........
[070] 00 00 11 00 00 3E 00 00  00 00 00 00 00 00 00 00  .....>..
........
[080] 00 00 00 00 00 00 00 00  00 3E 00 5C 00 03 00 01  ........
.>.\....
[090] 00 01 00 02 00 4F 00 5C  4D 41 49 4C 53 4C 4F 54  .....O.\
MAILSLOT
[0A0] 5C 4E 45 54 5C 4E 45 54  4C 4F 47 4F 4E 00 07 00  \NET\NET
LOGON...
[0B0] 72 30 30 35 35 36 32 30  00 5C 4D 41 49 4C 53 4C  r0055620
.\MAILSL
[0C0] 4F 54 5C 4E 45 54 5C 47  45 54 44 43 31 34 36 35  OT\NET\G
ETDC1465
[0D0] 34 00 72 00 30 00 30 00  35 00 35 00 36 00 32 00  4.r.0.0.
5.5.6.2.
[0E0] 30 00 00 00 01 00 00 00  FF FF FF FF              0....... ....
(--- repeated 3 times ---)
unable to lookup pdc name for 129.176.100.175 in domain RCHWKS
no domain controllers found for domain RCHWKS

Patrick Spinler wrote:
> 
> Hi:
> 
> I've been messing with the samba appliance package recently (the 0.5 rpm
> version built last aug 17), and am having difficulty getting logins
> working via the supplied pam modules.  Here's my setup:
> 
> My workstation is R0055620, a member of the domain RCHWKS
> My account is pjs11, a account in domain MC
> The RCHWKS domain trusts the MC domain (and the RCH domain, too)
> 
> When I attempt to login using MC\pjs11, winbindd spits this tidbit of
> log:
> 
>             006e id_auth[0] : 00
>             006f id_auth[1] : 00
>             0070 id_auth[2] : 00
>             0071 id_auth[3] : 00
>             0072 id_auth[4] : 00
>             0073 id_auth[5] : 05
>             0074 sub_auths : 00000015 7c0150b7 0fdc7252 030312ce
>     0084 status: 00000000
> adding trusted domain MC
> adding trusted domain RCH
> (--- NOTE: here is end of winbind startup log, below is login attempt)
> accepted socket 8
> [29305]: pam auth MC\pjs11
> could not get trust password for domain MC
> 
> I've attached my pam config file and nsswitch.conf, and the complete
> winbindd output is at http://spinler.dhs.org/~pspinler/winbindd.log.
> My system is a somewhat updated redhat 6.2, glibc 2.1.1.
> 
> I've also just recompiled the various componants from cvs SAMBA_TNG and
> APPLIANCE_HEAD branches, and will be trying these new componants later
> today.
> 
> -- Pat
> 
> p.s.  whenever I redirect winbind's output to a file, it hangs.  Any
> ideas ?  E.g. this command:
> 
>   $ winbindd -i -d 100 > /tmp/winbindd.log
> 
> produces a hung winbindd, only killable by kill -9.  Any clues ?
> 
> --
>       This message does not represent the policies or positions
>              of the Mayo Foundation or its subsidiaries.
>   Patrick Spinler                       email:  Spinler.Patrick at Mayo.EDU
>   Mayo Foundation                       phone:  507/284-9485
> 
>   ------------------------------------------------------------------------
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> #       nisplus or nis+         Use NIS+ (NIS version 3)
> #       nis or yp               Use NIS (NIS version 2), also called YP
> #       dns                     Use DNS (Domain Name Service)
> #       files                   Use the local files
> #       db                      Use the local database (.db) files
> #       compat                  Use NIS on compat mode
> #       [NOTFOUND=return]       Stop searching if not found so far
> #
> 
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd:    db files nisplus nis
> #shadow:    db files nisplus nis
> #group:     db files nisplus nis
> 
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
> 
> #passwd:     files nisplus nis winbind
> #shadow:     files nisplus nis winbind
> #group:      files nisplus nis winbind
> 
> #hosts:     db files nisplus nis dns
> hosts:      files nisplus nis dns
> 
> services:   nisplus [NOTFOUND=return] files
> networks:   nisplus [NOTFOUND=return] files
> protocols:  nisplus [NOTFOUND=return] files
> rpc:        nisplus [NOTFOUND=return] files
> ethers:     nisplus [NOTFOUND=return] files
> netmasks:   nisplus [NOTFOUND=return] files
> bootparams: nisplus [NOTFOUND=return] files
> 
> netgroup:   nisplus
> 
> publickey:  nisplus
> 
> automount:  files nisplus
> aliases:    files nisplus
> 
>   ------------------------------------------------------------------------
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_nologin.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
> #account    required    /lib/security/pam_pwdb.so
> account    required     /lib/security/pam_winbind.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
> session    required     /lib/security/pam_pwdb.so
> session    optional     /lib/security/pam_console.so

-- 
      This message does not represent the policies or positions
	     of the Mayo Foundation or its subsidiaries.
  Patrick Spinler			email:	Spinler.Patrick at Mayo.EDU
  Mayo Foundation			phone:	507/284-9485

More information about the samba-ntdom mailing list