[Samba] \PIPE\NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

Michael Wray mwray at aimconnect.com
Mon Apr 18 18:39:49 GMT 2005 

Help,

wbinfo -t fails with the error in subject, and getting sids of groups that 
aren't BUILTIN fail. Everything else seems to work.  Note: I am not 
converting my kerberos tickets to krb4, is this necessary?  (It used to work 
without it..but now it seems not to work.)  I get no errors from kinit. 

all other wbinfo requests succeed with the exception of looking up the SIDS of 
groups that aren't BUILTIN.

I need to get the SIDS for my application.

net ads testjoin succeeds, as does net rpc testjoin.

Get the exact same error on 2 different domains, one is 2003 the other is 2000 
Active Directory on both.

smb.conf

#======================= Global Settings =====================================
[global]

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d
server string = Filtering Server
log file = /var/log/samba/log.%m
max log size = 50
security = ads
socket options = TCP_NODELAY
dns proxy = no
encrypt passwords = true
   passdb backend = smbpasswd guest
winbind enum users = yes
winbind enum groups = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
workgroup = S4FTEST
password server  = server03test.test.com
realm=test.com
# use spnego = yes   # 2003 breaks with and without this statement
winbind separator = \\
winbind use default domain = yes
                                    


krb5.conf
[libdefaults]
        default_realm = TEST.COM
# The following krb5.conf variables are only for MIT Kerberos.
#       default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#       default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_etypes = des-cbc-crc des-cbc-md5
        default_etypes_des = des-cbc-crc des-cbc-md5
#       permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#       krb4_config = /etc/krb.conf
#       krb4_realms = /etc/krb.realms
#       kdc_timesync = 1
#       ccache_type = 4
        forwardable = true
        proxiable = true
        krb4_get_tickets=no
# The following libdefaults parameters are only for Heimdal Kerberos.
#       v4_instance_resolve = false
##      v4_name_convert = {
#               host = {
#                       rcmd = host
#                       ftp = ftp
#               }
#               plain = {
#                       something = something-else
#               }
#       }
[realms]
TEST.COM = {
        kdc = server03test.test.com       
        admin_server = server03test.test.com
        default_domain = test.com
}

[domain_realm]
        .test.com = TEST.COM




log.winbindd without spnego

 [15001]: request interface version
[2005/04/18 13:31:54, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [15001]: request location of privileged pipe
[2005/04/18 13:31:54, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
  [15001]: check machine account
[2005/04/18 13:31:54, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(106)
  IPC$ connections done by user S4FTEST\Administrator
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=113)
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 48018 1 2 2
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2 3
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=server03test$@S4FTEST.COM
[2005/04/18 13:31:54, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(533)
  Doing kerberos session setup
[2005/04/18 13:31:54, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
  Ticket in ccache[MEMORY:cliconnect] expiration Mon, 18 Apr 2005 23:29:32 GMT
[2005/04/18 13:31:54, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/04/18 13:31:54, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=113)
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 48018 1 2 2
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2 3
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=server03test$@S4FTEST.COM
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup_ntlmssp(615)
  Failed to send NTLMSSP/SPNEGO blob to server!
[2005/04/18 13:31:54, 3] libsmb/cliconnect.c:cli_session_setup(861)
  SPNEGO login failed: Undetermined error
[2005/04/18 13:31:54, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
  Could not open a connection to S4FTEST for \PIPE\NETLOGON 
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/18 13:31:54, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
  could not open handle to NETLOGON pipe
[2005/04/18 13:31:54, 2] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
  Checking the trust account password returned 
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND



log.winbindd with spnego

[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16950]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16950]: request location of privileged pipe
[2005/04/18 13:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
  [16950]: getgroups amavis
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16943]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16943]: request location of privileged pipe
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
  [16943]: check machine account
[2005/04/18 13:40:02, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
  Could not open a connection to S4FTEST for \PIPE\NETLOGON 
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
  could not open handle to NETLOGON pipe
[2005/04/18 13:40:02, 2] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
  Checking the trust account password returned 
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16957]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16957]: request location of privileged pipe
[2005/04/18 13:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
  [16957]: getgroups root
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16963]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16963]: request location of privileged pipe
[2005/04/18 13:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
  [16963]: getgroups postfix
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16964]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16964]: request location of privileged pipe
[2005/04/18 13:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
  [16964]: getgroups root
[2005/04/18 13:40:02, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [16966]: request interface version
[2005/04/18 13:40:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [16966]: request location of privileged pipe
[2005/04/18 13:40:02, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1004)
  [16966]: getgroups postfix
[2005/04/18 13:40:46, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [17211]: request interface version
[2005/04/18 13:40:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [17211]: request location of privileged pipe
[2005/04/18 13:40:46, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(41)
  [17211]: check machine account
[2005/04/18 13:40:46, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(106)
  IPC$ connections done by user S4FTEST\Administrator
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=113)
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 48018 1 2 2
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2 3
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=server03test$@S4FTEST.COM
[2005/04/18 13:40:46, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(533)
  Doing kerberos session setup
[2005/04/18 13:40:46, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(318)
  Ticket in ccache[MEMORY:cliconnect] expiration Mon, 18 Apr 2005 23:38:24 GMT
[2005/04/18 13:40:46, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2005/04/18 13:40:46, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708)
  Doing spnego session setup (blob length=113)
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 48018 1 2 2
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 2 840 113554 1 2 2 3
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=server03test$@S4FTEST.COM
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_ntlmssp(615)
  Failed to send NTLMSSP/SPNEGO blob to server!
[2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup(861)
  SPNEGO login failed: Undetermined error
[2005/04/18 13:40:46, 3] nsswitch/winbindd_cm.c:new_cm_connection(755)
  Could not open a connection to S4FTEST for \PIPE\NETLOGON 
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/18 13:40:46, 3] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
  could not open handle to NETLOGON pipe
[2005/04/18 13:40:46, 2] 
nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
  Checking the trust account password returned 
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND

-- 
Michael Wray
AimConnect, an S4F Inc. Company
918.524.1010 ext 106
mwray at aimconnect.com
http://www.aimconnect.com

More information about the samba mailing list