[Samba] Winbind ADS Issues w/ *TONS* of Pre-Research
Buchan Milne
bgmilne at obsidian.co.za
Fri May 14 14:24:48 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| Samba Team,
|
| I've been trying to get my Samba server to authenticate users against a
| Windows 2000 Active Directory domain controller, and it just doesn't
work.
| I've encountered a TREMENDOUS amount of postings from people who have run
| into the same issue, and there's never any responses with a resolution.
| I must have viewed more than 500 postings over the course of the day.
|
| I have a seemingly valid Samba configuration file. All of the `wbinfo
| -u`, `wbinfo -g`, `getent passwd`, and `getent group` commands work just
| fine. Howver, `wbinfo -t` and `wbinfo -a` don't work, and I can't
| authenticate users against the domain controller. As an example:
|
| [root at nasone samba]# net ads join -U Administrator
| Administrator's password:
| [2004/05/13 17:49:30, 0] libads/ldap.c:ads_add_machine_acct(1006)
| Host account for nasone already exists - modifying old account
| Using short domain name -- ECHUDSON
| Joined 'NASONE' to realm 'HUDSON-OFFICE.ECEDIINC.COM'
| [root at nasone samba]# net rpc join -U Administrator
| Password:
| Joined domain ECHUDSON.
^^^ Surely this is redundant?
| [root at nasone samba]# wbinfo -t
| checking the trust secret via RPC calls failed
| error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
| Could not check secret
| [root at nasone samba]#
|
| After trying to do the `wbinfo -t`, I see the following in 'winbindd.log':
|
| [2004/05/13 17:49:41, 2]
| libsmb/cliconnect.c:cli_session_setup_kerberos(535)
| Doing kerberos session setup
| [2004/05/13 17:49:41, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336)
| rpc_auth_pipe: wrong schannel auth len 24
This looks like https://bugzilla.samba.org/show_bug.cgi?id=1315, where
you will find a patch that fixed it for everyone who has tried
(including me).
The patch is also in the 3.0.4-2mdk packages in Mandrake cooker (and the
RPMS for Mandrake 9.1-10 that hopefully should be available soon on the
samba mirrors).
Regards,
Buchan
- --
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFApNawrJK6UGDSBKcRAm1kAKC4oVmdGXxgDIKPehnslAEG0eED9ACfcXJe
LDeLPWp3/Y/fafXfcVMwPmY=
=byBX
-----END PGP SIGNATURE-----
More information about the samba
mailing list