winbindd-NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Ingmar Koecher
ingmar.koecher at netikus.net
Fri Jun 7 15:16:22 GMT 2002
First I apologize if I am not posting this to the correct list, but it seems
rather specific and I haven't had any success posting it to the regular samba
list (but then I might just be impatient).
I am running Samba as of CVS yesterday evening, Redhat 7.2, winbindd is
configured to use a domain user instead of anonymous connections, and the PDC
is NT4.
I've been trying to get winbind running for quite some time now, many days to
be exact, without success - and the problem I have right now is this -
winbindd tells me
---------
could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
---------
(more detailed logs are at the end of this message)
when I run "wbinfo -a testuser1%testuser1" (adding the domain doesn't change
anything apparently).
I am also not sure if the pam configuration in /etc/pam.d/samba could be
defect but I think it's irrelevant for my tests since wbinfo talks directly
to winbindd or am I totally wrong?
I already started looking at the source (secrets.c, winbindd_pam.c) but I'm
just in the beginning of my journey of transforming my medium windows C
skills to linux.
Under what circumstances does Samba report the above errors? Is my file
secrets.tdb possibly broken? "wbinfo -t" returns "checking the trust secret
via RPC calls succeeded", and "wbinfo -u" lists all user accounts, even
"getent passwd" works great - so I would think that my secrets.tdb is ok.
I even tried to add some more debugging info to track down for myself where
the problem in "secrets.c" exactly occurrs - but even though I update all .so
files in the pam relevant directories and rebooted the linux box the
additional (and changed) lines are not effective - rather confusing.
The ultimate goal is to use this samba installation as a member server without
having to maintain NT user accounts on the samba box.
Again, I hope not to disturb anybody sending to the technical list and also
hope that someone can just give me a *little* hint so I can get this thing
going.
Thanks so much,
Ingmar.
--------- detailed logs:
In detail, wbinfo says:
------------------------
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with challenge/response
winbindd says:
------------------------
[..] pam auth: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[..] request misc info
[..] request domain name
[..] pam auth crap domain: MYDOMAIN user: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
NTLM CRAP authentiation for user [MYDOMAIN]\[testuser1\ returned
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
More information about the samba-technical
mailing list