[Samba] NT_STATUS_PIPE_NOT_AVAILABLE and non working winbind auth

Carlos Rodrigues carlos.efr at mail.telepac.pt
Sat Apr 30 21:20:35 GMT 2005


At work I have an Active Directory domain (Windows 2003) which has the 
SFU schema extensions. Recently we set up all the Linux clients (SuSE 
9.2) to authenticate using LDAP (nss_ldap). But the main thing is that 
we added a Samba server (SuSE 9.0, samba 3.0.14a) to host the user's 
homes (somewhere in the future, their Windows profiles too). This server 
also has local LDAP authentication (it also serves as an SFTP server).

In this, samba using just "security = ADS" works just fine, as the 
uid/gid resolution is made "locally" through LDAP (using the LDAP 
attibutes added by SFU's schema extension to AD) and thus doesn't 
require winbind.

Using smbclient from within this server works using bothe kerberos and 
password authentication (more on this in a minute).

In the last few days, I thought of replicating this configuration to 
another machine, so that I could change it to use winbind (just for 
kicks, for now). I made sure this was working fine.

But... I just can't make winbind authentication work... local or samba.

The second I start winbind, access to this machine using smbclient and 
password stops working. The error is:

        "session setup failed: NT_STATUS_PIPE_NOT_AVAILABLE"

However, if I do a "kinit user" followed by "smbclient -k", it works 
(which proves kerberos authentication is still working).

Local authentication simply doesn't work... Although "getent 
passwd/group" returns the right thing, something like a "finger user" 
always fails.

"wbinfo -u", "wbinfo -g" and "wbinfo --sequence" also shows (apparently) 
correct output.

"wbinfo -t" outputs the following errors:

        "checking the trust secret via RPC calls failed
        error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc00000ac)
        Could not check secret"

This is starting to annoy me beyond reason. I've followed every howto 
out there and after many hours, it still doesn't work...

Any ideas?

Thanks in advance,
        Carlos Rodrigues

############### smb.conf ###############

        workgroup = ALUNOS
        realm = ALUNOS.DQ.FCT.UNL.PT
        server string = Samba Test Server
        security = ADS
        password server =
        load printers = no
        local master = no
        invalid users = root
        read only = No
        encrypt passwords = yes

        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind use default domain = yes
        template shell = /bin/bash
        winbind separator = +

        comment = Home Directories
        path = /home
        create mask = 0644
        browseable = no

More information about the samba mailing list