[Samba] winbind cannot get domain SID, no authentication

rruegner robowarp at gmx.de
Mon Oct 27 12:11:05 GMT 2003


Hi, first update your samba from the suse server to 2.2.8a (3.0)
which is on suses ftp server or via yast for serveral security bugs.
Gethostbyaddr failed for 192.168.2.232 seems to me like samba
cant connect to win server, maybe you have a broken nic cable hub etc,
did you check this by nmap or etherreal ping etc...have you installed
new iptables rules or used yast for update ( which sometimes makes trouble)
Service packs on windows will not be resolution and is not involved with
that stuff
after all after reinstalled service pack invokes a new domain trust....but i
am neary sure you have a network problem.....try nmblookup to you nt server
Best Regards
----- Original Message ----- 
From: "Thomas Zehbe" <tz at ingenion.de>
To: <samba at lists.samba.org>
Sent: Monday, October 27, 2003 11:54 AM
Subject: [Samba] winbind cannot get domain SID, no authentication


Hi Folks,
an installation using samba 2.2.7a on a SuSE 8.2
box (2.4.20 kernel) doesn?t work using winbind to authenticate users at
an NT 4.0 SP6a Server. But it did work until last Monday.

Rejoining the domain (smbpasswd -j), setting the SID (smbpasswd -w),
reinstalling SP6a on the NT box - nothing helps.

Does anyone has any idea???
Here are some lines of the logs an configs.

winbind (seems to me to be the core problem):
...
[2003/10/22 11:22:34, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for CDU
...
smbd:
...
[2003/10/22 08:01:58, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/10/22 08:01:58, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2003/10/22 08:01:58, 0]
smbd/password.c:connect_to_domain_password_server(1367)
connect_to_domain_password_server: unable to setup the PDC credentials
to machine C150. Error was : NT_STATUS_OK.
[2003/10/22 08:01:58, 0] smbd/password.c:domain_client_validate(1599)
domain_client_validate: Domain password server not available.
[2003/10/22 08:01:58, 1] lib/util_sock.c:get_socket_name(977)
Gethostbyaddr failed for 192.168.2.232
[2003/10/22 08:01:58, 1] smbd/service.c:make_connection(636)
stiewe2 (192.168.2.232) connect to service stiewe as user stiewe
(uid=10025, gid=10000) (pid 4887)
...
The 192.168.2.232 is the Client who tries to connect.

smb.conf:
[global]
workgroup = xyz
netbios name = GENERAL
interfaces = 192.168.2.100/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = 192.168.2.200
log level = 1
null passwords = yes
debug level = 1
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
character set = ISO8859-15
client code page = 850
add user script = useradd -d /dev/null -g 500 -s /bin/false %m$
logon path = \\%L\profiles\%U
logon home = \\%L\%U\profile
domain logons = Yes
os level = 64
domain master = No
wins server = 192.168.2.200

winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /nutzerdaten/winhomes/%U
obey pam restrictions = yes

Thanks

Thomas Zehbe

INGENION GmbH
Fon 0 50 31 / 9 02 04-2
Fax 0 50 31 / 9 02 04-9
www.ingenion.de



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba





More information about the samba mailing list