[Samba] samba, winbind and NT 4.0 suddenly stop working together

Thomas Zehbe tz at ingenion.de
Thu Oct 23 07:28:07 GMT 2003 

Hi Folks,
since several months an installation using samba 2.2.7a on a SuSE 8.2 
box (2.4.20 kernel) worked fine using winbind to authenticate users at 
an NT 4.0 SP6a Server including ont-the-fly creation of home dirs on the 
LINUX box. There are about 20 WinCients working.

Since monday authentication stops working without any (known) event like 
machine crashes, reconfiguring etc. So all users lost access to home an 
group shares. wbinfo isn?t working, getent only shows local users and 
groups.

I tried several things. Rejoining the domain (smbpasswd -j), setting the 
SID (smbpasswd -w), reinstalling SP6a on the NT box - nothing helps. 
ping to the NT box works. To get the people working i created linux 
accounts with fitting uids an gids.

Does anyone has any idea???
Here are some line of the logs an configs.
winbind (seems to me to be the core problem):
...
[2003/10/22 11:22:34, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for CDU
...
smbd:
...
[2003/10/22 08:01:58, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/10/22 08:01:58, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2003/10/22 08:01:58, 0] 
smbd/password.c:connect_to_domain_password_server(1367)
connect_to_domain_password_server: unable to setup the PDC credentials 
to machine C150. Error was : NT_STATUS_OK.
[2003/10/22 08:01:58, 0] smbd/password.c:domain_client_validate(1599)
domain_client_validate: Domain password server not available.
[2003/10/22 08:01:58, 1] lib/util_sock.c:get_socket_name(977)
Gethostbyaddr failed for 192.168.2.232
[2003/10/22 08:01:58, 1] smbd/service.c:make_connection(636)
stiewe2 (192.168.2.232) connect to service stiewe as user stiewe 
(uid=10025, gid=10000) (pid 4887)
...
The 192.168.2.232 is the Client who tries to connect.

smb.conf:
[global]
workgroup = xyz
netbios name = GENERAL
interfaces = 192.168.2.100/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = 192.168.2.200
log level = 1
null passwords = yes
debug level = 1
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
character set = ISO8859-15
client code page = 850
add user script = useradd -d /dev/null -g 500 -s /bin/false %m$
logon path = \\%L\profiles\%U
logon home = \\%L\%U\profile
domain logons = Yes
os level = 64
domain master = No
wins server = 192.168.2.200

winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /nutzerdaten/winhomes/%U
obey pam restrictions = yes

Thanks

Thomas Zehbe

INGENION GmbH
Fon 0 50 31 / 9 02 04-2
Fax 0 50 31 / 9 02 04-9
www.ingenion.de

More information about the samba mailing list