winbindd-NT_STATUS_CANT_ACCESS_DOMAIN_INFO

Ingmar Koecher ingmar.koecher at netikus.net
Fri Jun 7 15:16:22 GMT 2002


First I apologize if I am not posting this to the correct list, but it seems 
rather specific and I haven't had any success posting it to the regular samba 
list (but then I might just be impatient).

I am running Samba as of CVS yesterday evening, Redhat 7.2, winbindd is 
configured to use a domain user instead of anonymous connections, and the PDC 
is NT4.

I've been trying to get winbind running for quite some time now, many days to 
be exact, without success - and the problem I have right now is this - 
winbindd tells me

---------
could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
---------
(more detailed logs are at the end of this message)

when I run "wbinfo -a testuser1%testuser1" (adding the domain doesn't change 
anything apparently).

I am also not sure if the pam configuration in /etc/pam.d/samba could be 
defect but I think it's irrelevant for my tests since wbinfo talks directly 
to winbindd or am I totally wrong?

I already started looking at the source (secrets.c, winbindd_pam.c) but I'm 
just in the beginning of my journey of transforming my medium windows C 
skills to linux.

Under what circumstances does Samba report the above errors? Is my file 
secrets.tdb possibly broken? "wbinfo -t" returns "checking the trust secret 
via RPC calls succeeded", and "wbinfo -u" lists all user accounts, even 
"getent passwd" works great - so I would think that my secrets.tdb is ok.

I even tried to add some more debugging info to track down for myself where 
the problem in "secrets.c" exactly occurrs - but even though I update all .so 
files in the pam relevant directories and rebooted the linux box the 
additional (and changed) lines are not effective - rather confusing.

The ultimate goal is to use this samba installation as a member server without 
having to maintain NT user accounts on the samba box.

Again, I hope not to disturb anybody sending to the technical list and also 
hope that someone can just give me a *little* hint so I can get this thing 
going.


Thanks so much,
Ingmar.



--------- detailed logs:

In detail, wbinfo says:
------------------------
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with challenge/response

winbindd says:
------------------------
[..] pam auth: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[..] request misc info
[..] request domain name
[..] pam auth crap domain: MYDOMAIN user: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
NTLM CRAP authentiation for user [MYDOMAIN]\[testuser1\ returned 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO





More information about the samba-technical mailing list