[Samba] Re: wbinfo -u returns 0xc0000022

Salmons, Michael SalmonsM at missouri.edu
Wed Mar 3 16:11:37 GMT 2004 

 Thanks for that info. No effect on the problem, though..



-----Original Message-----
From: Zylo [mailto:shiningzylo at caramail.com] 
Sent: Wednesday, March 03, 2004 5:05 AM
To: samba at lists.samba.org
Subject: [Samba] Re: wbinfo -u returns 0xc0000022

You should use wbinfo -A user%password
You need only a valid user, not an administrator user.

HTH.

"Salmons, Michael" <SalmonsM at missouri.edu> a écrit dans le message de news:7F5BBA66C483B1489B4B5749609361D311C6AD at UM-EMAIL08.um.umsystem.edu...
Hello,

I am attempting to add a Redhat 9 box to our NT4 domain as a member server. I want to enumerate user and group info so I don't have to make two sets of user and group accounts. I've setup samba (version 2.2.7a) and pamd the way I think I'm supposed to, but wbinfo -u always returns 0xc0000022. I've found this particular error mentioned in a few articles, but applying the various remedies offered has resulted in no change.

wbinfo -t: the secret was good, but over the weekend (and after a reboot of the pdc and bdc) it's now bad. it returns 0xc00000e5.

I've used wbinfo -a to authenticate to the domain as the domain admin- it authenticated successfully- no change in response of wbinfo -u. (also i noticed it was passing the password in cleartext, something i'd rather not do..)

in case this is an issue: RestrictAnonymous is set to 1 on the pdc.

I had no trouble adding the machine to the domain. I don't think I did, at least. I started in the Server Manager of the pdc, then ran smbpasswd. I can use smbmount to view shares in the domain on the redhat box, plus test shares I've setup on the redhat box are viewable by others if I've established a local account for them.

--various files, with a few things changed to protect privacy:

/etc/samba/smb.conf

NOTE: wins server is numeric ip and is correct; hosts allow does match our subnet; password server and remote announce are the netbios names of our pdc and bdc

[global]
 log file = /var/log/samba/%m.log
 smb passwd file = /etc/samba/smbpasswd
 load printers = yes
 passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192  obey pam restrictions = yes  wins server = xx.xx.xx.xx  encrypt passwords = yes  hosts allow = xx.xx  passwd program = /usr/bin/passwd %u  dns proxy = no  netbios name = netname  server string = serverstring  printing = cups  password server = pdc bdc  unix password sync = Yes  local master = no  remote announce = pdc  workgroup = DOMAIN  os level = 2  printcap name = /etc/printcap  security = domain  preferred master = no  max log size = 0  pam password change = yes
        username map = /etc/samba/smbusers
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        template homedir = /home/%U
        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash
        add user script = /usr/sbin/adduser -d /home/%D/%U %u



/etc/pam.d/login

#%PAM-1.0
auth       required pam_securetty.so
auth       required pam_stack.so service=system-auth
auth       required pam_nologin.so
account    required pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
session    required pam_stack.so service=system-auth
session    optional pam_console.so
account    sufficient  /lib/security/pam_winbind.so
session    required    /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022


/etc/pam.d/samba

#%PAM-1.0
auth       required pam_nologin.so
auth       required     pam_env.so
auth       required pam_stack.so service=system-auth
auth       sufficient   pam_ldap.so
auth       sufficient   pam_smb_auth.so use_first_pass
auth       sufficient   pam_unix.so likeauth nullok try_first_pass
auth       required     pam_deny.so
account    required pam_stack.so service=system-auth
session    required pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth


/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so



/etc/pam_smb.conf

DOMAIN
pdc
bdc

(substitute actual domain and netbios names of pdc and bdc)



What should I check next? Any help would be appreciated.

Michael Salmons
salmonsm at missouri.edu











--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list