[Samba] Winbind and net -t failure

Chester Wisniewski chetw at zuzax.com
Wed Jun 4 01:18:08 GMT 2003 

I posted about a winbind/PAM issue earlier and discovered that the auth
portion of pam_winbind is what was causing my failures. I receive the
following message when trying to authenticate sshd or login with the auth
pam_winbind module:

Jun  3 20:43:04 gonzo pam_winbind[14850]: request failed: No logon servers,
PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun  3 20:43:04 gonzo pam_winbind[14850]: internal module error (retval = 4,
user = `TECHFORTIFY+administrator'
Jun  3 20:43:04 gonzo sshd(pam_unix)[14850]: check pass; user unknown
Jun  3 20:44:56 gonzo sshd(pam_unix)[14850]: 1 more authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=10.143.200.200

In another message on the list I noticed someone said they had tried net -t
and it was successful. I decided to try it and it failed. This may be the
source of my problem:

[root at gonzo bin]# ./wbinfo -u
TECHFORTIFY+administrator
TECHFORTIFY+Guest
TECHFORTIFY+krbtgt
TECHFORTIFY+cmw
[root at gonzo bin]# ./wbinfo -g\
> 
TECHFORTIFY+Domain Computers
TECHFORTIFY+Domain Controllers
TECHFORTIFY+Schema Admins
TECHFORTIFY+Enterprise Admins
TECHFORTIFY+Domain Admins
TECHFORTIFY+Domain Users
TECHFORTIFY+Domain Guests
TECHFORTIFY+Group Policy Creator Owners
[root at gonzo bin]# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
Could not check secret
[root at gonzo bin]# /usr/kerberos/bin/kinit administrator at AD.TECHFORTIFY.NET
Password for administrator at AD.TECHFORTIFY.NET: 
[root at gonzo bin]# ./net ads join
[2003/06/03 20:51:24, 0] libads/ldap.c:ads_join_realm(1352)
  Host account for gonzo already exists - deleting old account
Joined 'GONZO' to realm 'AD.TECHFORTIFY.NET'
[root at gonzo bin]# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
Could not check secret

As you can see I tried re-joining the domain and still failed. Any have any
ideas as to what is causing this issue? If I remove auth pointing at winbind
it lets me login but it is very unhappy.

Chet Wisniewski
chetw at nospam.zuzax.com

More information about the samba mailing list