[Samba] wbinfo / NT4 PDC

Billy Passauer hpassau at emory.edu
Tue Jun 11 08:14:02 GMT 2002

I'm having a really strange problem with winbind and my NT4 PDC.  The
PDC was here before I started working here, so I'm not sure what all
has been done to it.  Here's the layout:

* NT4 PDC (no BDC) - Up to date with all service packs and hotfixes.
  Running Cyberwall-Plus firewall.

* RHL 7.2 (2.4.9-31custom) with Samba 2.2.4 (compiled from src).

I was able to join the domain.  The secret is good.  I can translate
names to SIDs and vice-versa.  I can "authenticate" using wbinfo (at
least I believe this output means it succeeded):

    plaintext password authentication failed
    error code was NT_STATUS_INVALID_PARAMETER (0xc000000d)
    Could not authenticate user user%password with plaintext password
    challenge/response password authentication succeeded
    error code was NT_STATUS_OK (0x0)

However, I cannot get the user or group listing from the PDC using
wbinfo -u or -g ("Error looking up domain/groups").  Also,
getent password/group only returns info from the local files on the
Linux machine.

It's not a firewall configuration issue, because during testing, I've 
disabled the firewalls on both systems.

Now the odd part.  I set up a test NT system, with all the latest
service packs and hotfixes, and installed it as a BDC to our original
PDC.  I even installed the same firewall with the same ruleset as what
is on the PDC.  In smb.conf, if I change the "password server=" entry
to point to the BDC, everything works perfectly!  I can get the
user/group listings via wbinfo -u/-g and getent.  And, most importantly,
as this is the goal of everything I'm trying to do here, I can even
authenticate Windows/Macintosh users via PAM.

In searching through the samba list archives, I thought I had found a
glimmer of hope in the "restrict anonymous" registry setting, because
the PDC had it, but the BDC did not.  But unfortunately that was not it.
The logs and debug info show nothing obvious (at least to me).

I'm hoping that someone might have an idea of what could be different
between the PDC and BDC that would allow one to work and not the other.
Or maybe some way to help me make that determination.
Thanks for ANY help.

  _ .      hpassau at emory.edu  | Computers are just like air
 |_) ||                       | They stop working properly when
 |_)||||_|                    | you open windows.
Passauer_|                    |
