[Samba] wbinfo -u returns 0xc0000022

Salmons, Michael SalmonsM at missouri.edu
Mon Mar 1 16:56:24 GMT 2004 

Hello,
 
I am attempting to add a Redhat 9 box to our NT4 domain as a member
server. I want to enumerate user and group info so I don't have to make
two sets of user and group accounts. I've setup samba (version 2.2.7a)
and pamd the way I think I'm supposed to, but wbinfo -u always returns
0xc0000022. I've found this particular error mentioned in a few
articles, but applying the various remedies offered has resulted in no
change.
 
wbinfo -t: the secret was good, but over the weekend (and after a reboot
of the pdc and bdc) it's now bad. it returns 0xc00000e5.
 
I've used wbinfo -a to authenticate to the domain as the domain admin-
it authenticated successfully- no change in response of wbinfo -u. (also
i noticed it was passing the password in cleartext, something i'd rather
not do..)
 
in case this is an issue: RestrictAnonymous is set to 1 on the pdc.
 
I had no trouble adding the machine to the domain. I don't think I did,
at least. I started in the Server Manager of the pdc, then ran
smbpasswd. I can use smbmount to view shares in the domain on the redhat
box, plus test shares I've setup on the redhat box are viewable by
others if I've established a local account for them.
 
--various files, with a few things changed to protect privacy:
 
/etc/samba/smb.conf
 
NOTE: wins server is numeric ip and is correct; hosts allow does match
our subnet; password server and remote announce are the netbios names of
our pdc and bdc
 
[global]
 log file = /var/log/samba/%m.log
 smb passwd file = /etc/samba/smbpasswd
 load printers = yes
 passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 obey pam restrictions = yes
 wins server = xx.xx.xx.xx
 encrypt passwords = yes
 hosts allow = xx.xx 
 passwd program = /usr/bin/passwd %u
 dns proxy = no
 netbios name = netname
 server string = serverstring
 printing = cups
 password server = pdc bdc
 unix password sync = Yes
 local master = no
 remote announce = pdc
 workgroup = DOMAIN
 os level = 2
 printcap name = /etc/printcap
 security = domain
 preferred master = no
 max log size = 0
 pam password change = yes
        username map = /etc/samba/smbusers
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        template homedir = /home/%U
        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash 
        add user script = /usr/sbin/adduser -d /home/%D/%U %u
 
 
 
/etc/pam.d/login
 
#%PAM-1.0
auth       required pam_securetty.so
auth       required pam_stack.so service=system-auth
auth       required pam_nologin.so
account    required pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
session    required pam_stack.so service=system-auth
session    optional pam_console.so
account    sufficient  /lib/security/pam_winbind.so
session    required    /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022
 

/etc/pam.d/samba
 
#%PAM-1.0
auth       required pam_nologin.so
auth       required     pam_env.so
auth       required pam_stack.so service=system-auth
auth       sufficient   pam_ldap.so
auth       sufficient   pam_smb_auth.so use_first_pass
auth       sufficient   pam_unix.so likeauth nullok try_first_pass
auth       required     pam_deny.so
account    required pam_stack.so service=system-auth
session    required pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
 

/etc/pam.d/system-auth
 
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
 
account     required      /lib/security/$ISA/pam_unix.so
 
password    required      /lib/security/$ISA/pam_cracklib.so retry=3
type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
 
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
 
 
 
/etc/pam_smb.conf
 
DOMAIN 
pdc 
bdc
 
(substitute actual domain and netbios names of pdc and bdc)
 
 
 
What should I check next? Any help would be appreciated.
 
Michael Salmons
salmonsm at missouri.edu

More information about the samba mailing list