[Samba] winbind cannot get domain SID, no authentication

Thomas Zehbe tz at ingenion.de
Mon Oct 27 10:54:31 GMT 2003 

Hi Folks,
an installation using samba 2.2.7a on a SuSE 8.2
box (2.4.20 kernel) doesn?t work using winbind to authenticate users at
an NT 4.0 SP6a Server. But it did work until last Monday.

Rejoining the domain (smbpasswd -j), setting the SID (smbpasswd -w), 
reinstalling SP6a on the NT box - nothing helps.

Does anyone has any idea???
Here are some lines of the logs an configs.

winbind (seems to me to be the core problem):
...
[2003/10/22 11:22:34, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for CDU
...
smbd:
...
[2003/10/22 08:01:58, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/10/22 08:01:58, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2003/10/22 08:01:58, 0]
smbd/password.c:connect_to_domain_password_server(1367)
connect_to_domain_password_server: unable to setup the PDC credentials
to machine C150. Error was : NT_STATUS_OK.
[2003/10/22 08:01:58, 0] smbd/password.c:domain_client_validate(1599)
domain_client_validate: Domain password server not available.
[2003/10/22 08:01:58, 1] lib/util_sock.c:get_socket_name(977)
Gethostbyaddr failed for 192.168.2.232
[2003/10/22 08:01:58, 1] smbd/service.c:make_connection(636)
stiewe2 (192.168.2.232) connect to service stiewe as user stiewe
(uid=10025, gid=10000) (pid 4887)
...
The 192.168.2.232 is the Client who tries to connect.

smb.conf:
[global]
workgroup = xyz
netbios name = GENERAL
interfaces = 192.168.2.100/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = 192.168.2.200
log level = 1
null passwords = yes
debug level = 1
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
character set = ISO8859-15
client code page = 850
add user script = useradd -d /dev/null -g 500 -s /bin/false %m$
logon path = \\%L\profiles\%U
logon home = \\%L\%U\profile
domain logons = Yes
os level = 64
domain master = No
wins server = 192.168.2.200

winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /nutzerdaten/winhomes/%U
obey pam restrictions = yes

Thanks

Thomas Zehbe

INGENION GmbH
Fon 0 50 31 / 9 02 04-2
Fax 0 50 31 / 9 02 04-9
www.ingenion.de

More information about the samba mailing list