[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems

Sean Kennedy skennedy at tpno-co.org
Mon May 23 18:59:54 GMT 2005 

John H Terpstra wrote:

>On Monday 23 May 2005 11:23, Sean Kennedy wrote:
>  
>
>>Hi all,
>>
>>Thus far, I have managed to get wbinfo -[u|g] to display users/group
>>correctly, and getent passwd/group works.  However, wbinfo -t fails to
>>work, giving me this error:
>>
>>[root at billing samba]# wbinfo -t
>>checking the trust secret via RPC calls failed
>>error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>>Could not check secret
>>    
>>
>
>Check the security settings on the ADS domain contollers. It looks like it may 
>have been locked down to prevent remote access.
>
>- John T.
>
I don't know if it helps, but when I run winbindd -i -d3 and I do 
`wbinfo -t`, this is the feedback I get from winbind:

[ 1990]: request interface version
[ 1990]: request location of privileged pipe
[ 1990]: check machine account
Connected to LDAP server 192.168.1.3
got ldap server name dc-1 at BOCA.PRI, using bind path: dc=BOCA,dc=PRI
IPC$ connections done anonymously
Connecting to host=DC-1
Connecting to 192.168.1.3 at port 445
Doing spnego session setup (blob length=102)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=dc-1$@BOCA.PRI
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT
failed tcon_X with NT_STATUS_ACCESS_DENIED
Connecting to host=DC-1
Connecting to 192.168.1.3 at port 445
Doing spnego session setup (blob length=102)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=dc-1$@BOCA.PRI
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT
failed tcon_X with NT_STATUS_ACCESS_DENIED
Connecting to host=DC-1
Connecting to 192.168.1.3 at port 445
Doing spnego session setup (blob length=102)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=dc-1$@BOCA.PRI
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 GMT
failed tcon_X with NT_STATUS_ACCESS_DENIED
Could not open a connection to BOCA for \PIPE\NETLOGON 
(NT_STATUS_ACCESS_DENIED)
could not open handle to NETLOGON pipe
Checking the trust account password returned NT_STATUS_ACCESS_DENIED

 

Don't know if this helps or not, but if it does, here you go.  ( Names 
were not changed to protect the innocent :) )

Sean

More information about the samba mailing list