Is there some way to force winbindd to use msrpc rather than ads?

Richard Sharpe realrichardsharpe at gmail.com
Mon Jun 3 22:25:07 MDT 2013 

Hi folks,

I am having a problem were we cannot use ADS for querying the DCs but
winbinds seems to always want to do that. This causes the following
problems:

[2013/06/04 12:13:40.657627, 10]
winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  winbindd_dual_ndrcmd: Running command WBINT_LOOKUPUSERGROUPS (AYAY)
[2013/06/04 12:13:40.657705, 10]
winbindd/winbindd_cache.c:461(fetch_cache_seqnum)
  fetch_cache_seqnum: success [APAC][4294967295 @ 1370319151]
[2013/06/04 12:13:40.657756, 10]
winbindd/winbindd_cache.c:4601(wcache_tdc_fetch_domain)
  wcache_tdc_fetch_domain: Searching for domain AYAY
[2013/06/04 12:13:40.657835, 10]
winbindd/winbindd_cache.c:4616(wcache_tdc_fetch_domain)
  wcache_tdc_fetch_domain: Found domain AYAY
[2013/06/04 12:13:40.657884,  3] winbindd/winbindd_ads.c:1251(sequence_number)
  ads: fetch sequence_number for AYAY
[2013/06/04 12:13:40.657925, 10]
winbindd/winbindd_cache.c:4601(wcache_tdc_fetch_domain)
  wcache_tdc_fetch_domain: Searching for domain AYAY
[2013/06/04 12:13:40.657994, 10]
winbindd/winbindd_cache.c:4616(wcache_tdc_fetch_domain)
  wcache_tdc_fetch_domain: Found domain AYAY
[2013/06/04 12:13:40.658041, 10]
winbindd/winbindd_ads.c:54(ads_cached_connection)
  ads_cached_connection
[2013/06/04 12:13:42.508853,  0] libads/sasl.c:908(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt
integrity check failed
[2013/06/04 12:13:42.508933,  1]
winbindd/winbindd_ads.c:134(ads_cached_connection)
  ads_connect for domain AYAY failed: Decrypt integrity check failed
[2013/06/04 12:13:42.509023, 10]
winbindd/winbindd_cache.c:573(refresh_sequence_number)
  refresh_sequence_number: failed with NT_STATUS_UNSUCCESSFUL
[2013/06/04 12:13:42.509103, 10]
winbindd/winbindd_cache.c:498(wcache_store_seqnum)
  wcache_store_seqnum: success [AYAY][4294967295 @ 1370319222]
[2013/06/04 12:13:42.509148, 10]
winbindd/winbindd_cache.c:585(refresh_sequence_number)
  refresh_sequence_number: APAC seq number is now -1
[2013/06/04 12:13:42.509216,  4]
winbindd/winbindd_dual.c:1557(fork_domain_child)
  Finished processing child request 59
[2013/06/04 12:13:42.509260, 10]
winbindd/winbindd_dual.c:1573(fork_domain_child)
  Writing 3508 bytes to parent
[2013/06/04 12:13:42.509536,  5]
winbindd/winbindd_getgroups.c:186(winbindd_getgroups_recv)
  Could not convert sid S-1-5-21-3378820088-601325907-1431891580-8593: NT_STATUS

It seems that if I can force it to use MSRPC things will work.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

More information about the samba-technical mailing list