[Samba] winbindd + wbinfo -> NT_STATUS_CANT_ACCESS_DOMAIN_INFO

Ingmar Koecher ingmar.koecher at netikus.net
Fri Jun 7 07:48:02 GMT 2002 

I still can't get winbindd working properly even though I am making some 
progress here.

I retrieved the latest CVS version last night and now I can finally use 
non-anonymous connections - that works very well. I *did* update both of the 
pam modules in /lib and /lib/security

winbindd runs under the account of a regular domain user

"wbinfo -u" shows me all users and "getent passwd" shows me unix & nt users as 
well. Needless to say that I was thrilled to see that.

Authentication however still does not work. I am currently trying to run 
"wbinfo -a testuser1%testuser1" which always returns 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO - and I don't know what that means. I tried 
to execute "querydominfo" with the rpcclient (running it under the same 
account that winbindd uses) which did not result in an error message - I got 
the # of accounts, groups and such - I don't know if that's the same thing 
though.

I tried "wbinfo -a MYDOMAIN+testuser1%testuser1" when I had set the winbindd 
separator to "+" which makes no difference at all.

"wbinfo -t" returns "checking the trust secret via RPC calls succeeded. Oddly 
enough there is no network traffic as I am typing this command - this must be 
since winbindd caches that information.

There is also no network traffic as I am typing "wbinfo -a ..." which suprises 
me a little bit - does winbindd cache all domain information? 

I was under the impression that only the administrator is able to obtain 
password hashes - so if winbindd does not communicate with the domain 
controller as I am typing "wbinfo -a testuser..." then it must have obtained 
the hash earlier? I am little bit confused - again.

In detail, wbinfo says:
------------------------
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with challenge/response

winbindd says:
------------------------
[..] pam auth: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[..] request misc info
[..] request domain name
[..] pam auth crap domain: MYDOMAIN user: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
NTLM CRAP authentiation for user [MYDOMAIN]\[testuser1\ returned 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO


Thanks a lot for any help,
Ingmar.

More information about the samba mailing list