[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems

John H Terpstra jht at Samba.Org
Mon May 23 19:08:44 GMT 2005


On Monday 23 May 2005 12:59, Sean Kennedy wrote:
> John H Terpstra wrote:
> >On Monday 23 May 2005 11:23, Sean Kennedy wrote:
> >>Hi all,
> >>
> >>Thus far, I have managed to get wbinfo -[u|g] to display users/group
> >>correctly, and getent passwd/group works.  However, wbinfo -t fails to
> >>work, giving me this error:
> >>
> >>[root at billing samba]# wbinfo -t
> >>checking the trust secret via RPC calls failed
> >>error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
> >>Could not check secret
> >
> >Check the security settings on the ADS domain contollers. It looks like it
> > may have been locked down to prevent remote access.
> >
> >- John T.
>
> I don't know if it helps, but when I run winbindd -i -d3 and I do
> `wbinfo -t`, this is the feedback I get from winbind:

DC-1 is refusing the connection. The security settings on it need to be opened 
up. 

- John T.

>
> [ 1990]: request interface version
> [ 1990]: request location of privileged pipe
> [ 1990]: check machine account
> Connected to LDAP server 192.168.1.3
> got ldap server name dc-1 at BOCA.PRI, using bind path: dc=BOCA,dc=PRI
> IPC$ connections done anonymously
> Connecting to host=DC-1
> Connecting to 192.168.1.3 at port 445
> Doing spnego session setup (blob length=102)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=dc-1$@BOCA.PRI
> Doing kerberos session setup
> Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08
> GMT failed tcon_X with NT_STATUS_ACCESS_DENIED
> Connecting to host=DC-1
> Connecting to 192.168.1.3 at port 445
> Doing spnego session setup (blob length=102)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=dc-1$@BOCA.PRI
> Doing kerberos session setup
> Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08
> GMT failed tcon_X with NT_STATUS_ACCESS_DENIED
> Connecting to host=DC-1
> Connecting to 192.168.1.3 at port 445
> Doing spnego session setup (blob length=102)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=dc-1$@BOCA.PRI
> Doing kerberos session setup
> Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08
> GMT failed tcon_X with NT_STATUS_ACCESS_DENIED
> Could not open a connection to BOCA for \PIPE\NETLOGON
> (NT_STATUS_ACCESS_DENIED)
> could not open handle to NETLOGON pipe
> Checking the trust account password returned NT_STATUS_ACCESS_DENIED
>
>
>
> Don't know if this helps or not, but if it does, here you go.  ( Names
> were not changed to protect the innocent :) )
>
> Sean

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


More information about the samba mailing list