[Samba] Re: wbinfo -u returns 0xc0000022
Salmons, Michael
SalmonsM at missouri.edu
Wed Mar 3 16:11:37 GMT 2004
Thanks for that info. No effect on the problem, though..
-----Original Message-----
From: Zylo [mailto:shiningzylo at caramail.com]
Sent: Wednesday, March 03, 2004 5:05 AM
To: samba at lists.samba.org
Subject: [Samba] Re: wbinfo -u returns 0xc0000022
You should use wbinfo -A user%password
You need only a valid user, not an administrator user.
HTH.
"Salmons, Michael" <SalmonsM at missouri.edu> a écrit dans le message de news:7F5BBA66C483B1489B4B5749609361D311C6AD at UM-EMAIL08.um.umsystem.edu...
Hello,
I am attempting to add a Redhat 9 box to our NT4 domain as a member server. I want to enumerate user and group info so I don't have to make two sets of user and group accounts. I've setup samba (version 2.2.7a) and pamd the way I think I'm supposed to, but wbinfo -u always returns 0xc0000022. I've found this particular error mentioned in a few articles, but applying the various remedies offered has resulted in no change.
wbinfo -t: the secret was good, but over the weekend (and after a reboot of the pdc and bdc) it's now bad. it returns 0xc00000e5.
I've used wbinfo -a to authenticate to the domain as the domain admin- it authenticated successfully- no change in response of wbinfo -u. (also i noticed it was passing the password in cleartext, something i'd rather not do..)
in case this is an issue: RestrictAnonymous is set to 1 on the pdc.
I had no trouble adding the machine to the domain. I don't think I did, at least. I started in the Server Manager of the pdc, then ran smbpasswd. I can use smbmount to view shares in the domain on the redhat box, plus test shares I've setup on the redhat box are viewable by others if I've established a local account for them.
--various files, with a few things changed to protect privacy:
/etc/samba/smb.conf
NOTE: wins server is numeric ip and is correct; hosts allow does match our subnet; password server and remote announce are the netbios names of our pdc and bdc
[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
load printers = yes
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 obey pam restrictions = yes wins server = xx.xx.xx.xx encrypt passwords = yes hosts allow = xx.xx passwd program = /usr/bin/passwd %u dns proxy = no netbios name = netname server string = serverstring printing = cups password server = pdc bdc unix password sync = Yes local master = no remote announce = pdc workgroup = DOMAIN os level = 2 printcap name = /etc/printcap security = domain preferred master = no max log size = 0 pam password change = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
template homedir = /home/%U
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
add user script = /usr/sbin/adduser -d /home/%D/%U %u
/etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022
/etc/pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth sufficient pam_ldap.so
auth sufficient pam_smb_auth.so use_first_pass
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth required pam_deny.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
/etc/pam_smb.conf
DOMAIN
pdc
bdc
(substitute actual domain and netbios names of pdc and bdc)
What should I check next? Any help would be appreciated.
Michael Salmons
salmonsm at missouri.edu
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list