[Samba] winbindd + wbinfo -> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Ingmar Koecher
ingmar.koecher at netikus.net
Fri Jun 7 07:48:02 GMT 2002
I still can't get winbindd working properly even though I am making some
progress here.
I retrieved the latest CVS version last night and now I can finally use
non-anonymous connections - that works very well. I *did* update both of the
pam modules in /lib and /lib/security
winbindd runs under the account of a regular domain user
"wbinfo -u" shows me all users and "getent passwd" shows me unix & nt users as
well. Needless to say that I was thrilled to see that.
Authentication however still does not work. I am currently trying to run
"wbinfo -a testuser1%testuser1" which always returns
NT_STATUS_CANT_ACCESS_DOMAIN_INFO - and I don't know what that means. I tried
to execute "querydominfo" with the rpcclient (running it under the same
account that winbindd uses) which did not result in an error message - I got
the # of accounts, groups and such - I don't know if that's the same thing
though.
I tried "wbinfo -a MYDOMAIN+testuser1%testuser1" when I had set the winbindd
separator to "+" which makes no difference at all.
"wbinfo -t" returns "checking the trust secret via RPC calls succeeded. Oddly
enough there is no network traffic as I am typing this command - this must be
since winbindd caches that information.
There is also no network traffic as I am typing "wbinfo -a ..." which suprises
me a little bit - does winbindd cache all domain information?
I was under the impression that only the administrator is able to obtain
password hashes - so if winbindd does not communicate with the domain
controller as I am typing "wbinfo -a testuser..." then it must have obtained
the hash earlier? I am little bit confused - again.
In detail, wbinfo says:
------------------------
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user testuser1%testuser1 with challenge/response
winbindd says:
------------------------
[..] pam auth: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
Plain-text authentiation for user testuser1 returned
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[..] request misc info
[..] request domain name
[..] pam auth crap domain: MYDOMAIN user: testuser1
winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN
NTLM CRAP authentiation for user [MYDOMAIN]\[testuser1\ returned
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Thanks a lot for any help,
Ingmar.
More information about the samba
mailing list