AIX 4.3.3 WINBIND logon problem
Michael Thessel
thesi at wg-web.dyndns.org
Wed Jun 11 10:01:44 GMT 2003
Hello NG,
i try to authenticate a aix 4.3.3 workstation against a samba beta 3.0 samba server (LDAP Backend openldap 2.1.19).
net/wbinfo -a user%password (winbind use default domain) returns:
challenge/response password authentication succeeded
but a system logon dosn't work.
the client configuation:
/usr/local/samba/lib/smb.conf:
[global]
workgroup = SAMBA30
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/ksh
winbind cache time = 15
winbind use default domain = yes
/usr/lib/security/methods.cfg:
WINBIND:
program = /usr/lib/security/WINBIND
options = authonly
/etc/security/user:
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 022
expires = 0
SYSTEM = "compat or WINBIND"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =
root:
admin = true
SYSTEM = "compat"
loginretries = 0
account_locked = false
daemon:
admin = true
expires = 0101000070
bin:
admin = true
expires = 0101000070
sys:
admin = true
expires = 0101000070
adm:
admin = true
uucp:
admin = true
login = false
rlogin = false
su = true
guest:
nobody:
admin = true
expires = 0101000070
lpd:
admin = true
expires = 010100007
imnadm:
login = false
rlogin = false
admin = false
ldap:
admin = false
the server configuration:
smb.conf:
[global]
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = o=smb,dc=samba30,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap admin dn = "cn=root,dc=samba30,dc=com"
ldap ssl = off
server string = SAMBA30 auf linsynci
netbios name = LINSYNCI
workgroup = SAMBA30
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = user
encrypt passwords = yes
domain logons = yes
logon path = \\LINSYNCI\profiles\%U
logon drive = H:
logon home = \\LINSYNCI\homes\%U
logon script = start.cmd
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
the winbind logs:
[10326]: request interface version
[2003/06/11 09:57:48, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(243)
[10326]: request location of privileged pipe
[2003/06/11 09:57:48, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:48, 3] libsmb/namequery.c:resolve_lmhosts(722)
resolve_lmhosts: Attempting lmhosts lookup for name SAMBA30<0x1c>
[2003/06/11 09:57:48, 3] libsmb/namequery.c:resolve_wins(629)
resolve_wins: Attempting wins lookup for name SAMBA30<0x1c>
[2003/06/11 09:57:48, 3] libsmb/namequery.c:resolve_wins(632)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2003/06/11 09:57:48, 3] libsmb/namequery.c:name_resolve_bcast(582)
name_resolve_bcast: Attempting broadcast lookup for name SAMBA30<0x1c>
[2003/06/11 09:57:48, 2] libsmb/namequery.c:name_query(404)
Got a positive name query response from 192.168.100.62 ( 192.168.100.62 )
[2003/06/11 09:57:48, 3] libsmb/namequery_dc.c:rpc_find_dc(236)
rpc_find_dc: Returning DC LINSYNCI (192.168.100.62) for domain SAMBA30
[2003/06/11 09:57:48, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(208)
cm_get_dc_name: Returning DC LINSYNCI (192.168.100.62) for domain SAMBA30
[2003/06/11 09:57:48, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238)
IPC$ connections done by user SAMBA30\root
[2003/06/11 09:57:48, 3] libsmb/cliconnect.c:cli_full_connection(1229)
Connecting to host=LINSYNCI share=IPC$
[2003/06/11 09:57:48, 3] lib/util_sock.c:open_socket_out(676)
Connecting to 192.168.100.62 at port 445
[2003/06/11 09:57:48, 2] libsmb/cliconnect.c:cli_session_setup_spnego(619)
Doing spnego session setup (blob length=58)
[2003/06/11 09:57:48, 3] libsmb/cliconnect.c:cli_session_setup_spnego(644)
got OID=1 3 6 1 4 1 311 2 2 10
[2003/06/11 09:57:48, 3] libsmb/cliconnect.c:cli_session_setup_spnego(651)
got principal=NONE
[2003/06/11 09:57:49, 2] rpc_client/cli_pipe.c:check_bind_response(1335)
bind_rpc_pipe: transfer syntax differs
[2003/06/11 09:57:49, 2] rpc_client/cli_pipe.c:rpc_pipe_bind(1490)
rpc_pipe_bind: check_bind_response failed.
[2003/06/11 09:57:49, 2] rpc_client/cli_pipe.c:cli_nt_session_open(1561)
cli_nt_session_open: rpc bind to \PIPE\lsarpc failed
[2003/06/11 09:57:49, 3] nsswitch/winbindd_util.c:add_trusted_domain(130)
add_trusted_domain: SAMBA30 is a mixed (or NT4) mode domain
[2003/06/11 09:57:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(136)
Added domain SAMBA30
[2003/06/11 09:57:49, 1] nsswitch/winbindd_util.c:rescan_trusted_domains(166)
scanning trusted domain list
[2003/06/11 09:57:49, 3] nsswitch/winbindd_rpc.c:trusted_domains(706)
rpc: trusted_domains
[2003/06/11 09:57:49, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238)
IPC$ connections done by user SAMBA30\root
[2003/06/11 09:57:49, 3] libsmb/cliconnect.c:cli_full_connection(1229)
Connecting to host=LINSYNCI share=IPC$
[2003/06/11 09:57:49, 3] lib/util_sock.c:open_socket_out(676)
Connecting to 192.168.100.62 at port 445
[2003/06/11 09:57:49, 2] libsmb/cliconnect.c:cli_session_setup_spnego(619)
Doing spnego session setup (blob length=58)
[2003/06/11 09:57:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(644)
got OID=1 3 6 1 4 1 311 2 2 10
[2003/06/11 09:57:49, 3] libsmb/cliconnect.c:cli_session_setup_spnego(651)
got principal=NONE
[2003/06/11 09:57:50, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238)
IPC$ connections done by user SAMBA30\root
[2003/06/11 09:57:50, 3] libsmb/cliconnect.c:cli_full_connection(1229)
Connecting to host=LINSYNCI share=IPC$
[2003/06/11 09:57:50, 3] lib/util_sock.c:open_socket_out(676)
Connecting to 192.168.100.62 at port 445
[2003/06/11 09:57:50, 2] libsmb/cliconnect.c:cli_session_setup_spnego(619)
Doing spnego session setup (blob length=58)
[2003/06/11 09:57:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(644)
got OID=1 3 6 1 4 1 311 2 2 10
[2003/06/11 09:57:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(651)
got principal=NONE
[2003/06/11 09:57:51, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:52, 3] nsswitch/winbindd_rpc.c:query_user(356)
rpc: query_user rid=S-1-5-21-1233289798-2274429175-2198993277-2030
[2003/06/11 09:57:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:53, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:53, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:53, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:54, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:54, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:54, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:54, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:55, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:55, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:56, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:57, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
[2003/06/11 09:57:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(108)
[10326]: getpwnam kai
[2003/06/11 09:57:59, 3] nsswitch/winbindd_rpc.c:name_to_sid(271)
rpc: name_to_sid name=kai
Thanks for all help!
Michael
More information about the samba-technical
mailing list