[Samba] Winbind ADS Issues w/ *TONS* of Pre-Research

Buchan Milne bgmilne at obsidian.co.za
Fri May 14 14:24:48 GMT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


| Samba Team,
|
| I've been trying to get my Samba server to authenticate users against a
| Windows 2000 Active Directory domain controller, and it just doesn't
work.
| I've encountered a TREMENDOUS amount of postings from people who have run
| into the same issue, and there's never any responses with a resolution.
| I must have viewed more than 500 postings over the course of the day.
|
| I have a seemingly valid Samba configuration file.  All of the `wbinfo
| -u`, `wbinfo -g`, `getent passwd`, and `getent group` commands work just
| fine.  Howver, `wbinfo -t` and `wbinfo -a` don't work, and I can't
| authenticate users against the domain controller.  As an example:
|
|   [root at nasone samba]# net ads join -U Administrator
|   Administrator's password:
|   [2004/05/13 17:49:30, 0] libads/ldap.c:ads_add_machine_acct(1006)
|     Host account for nasone already exists - modifying old account
|   Using short domain name -- ECHUDSON
|   Joined 'NASONE' to realm 'HUDSON-OFFICE.ECEDIINC.COM'
|   [root at nasone samba]# net rpc join -U Administrator
|   Password:
|   Joined domain ECHUDSON.

^^^ Surely this is redundant?

|   [root at nasone samba]# wbinfo -t
|   checking the trust secret via RPC calls failed
|   error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
|   Could not check secret
|   [root at nasone samba]#
|
| After trying to do the `wbinfo -t`, I see the following in 'winbindd.log':
|
|   [2004/05/13 17:49:41, 2]
|     libsmb/cliconnect.c:cli_session_setup_kerberos(535)
|     Doing kerberos session setup
|   [2004/05/13 17:49:41, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(336)
|     rpc_auth_pipe: wrong schannel auth len 24

This looks like https://bugzilla.samba.org/show_bug.cgi?id=1315, where
you will find a patch that fixed it for everyone who has tried
(including me).

The patch is also in the 3.0.4-2mdk packages in Mandrake cooker (and the
RPMS for Mandrake 9.1-10 that hopefully should be available soon on the
samba mirrors).

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFApNawrJK6UGDSBKcRAm1kAKC4oVmdGXxgDIKPehnslAEG0eED9ACfcXJe
LDeLPWp3/Y/fafXfcVMwPmY=
=byBX
-----END PGP SIGNATURE-----

More information about the samba mailing list