[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems
Sean Kennedy
skennedy at tpno-co.org
Mon May 23 20:03:26 GMT 2005
John H Terpstra wrote:
>On Monday 23 May 2005 12:59, Sean Kennedy wrote:
>
>
>>John H Terpstra wrote:
>>
>>
>>>On Monday 23 May 2005 11:23, Sean Kennedy wrote:
>>>
>>>
>>>>Hi all,
>>>>
>>>>Thus far, I have managed to get wbinfo -[u|g] to display users/group
>>>>correctly, and getent passwd/group works. However, wbinfo -t fails to
>>>>work, giving me this error:
>>>>
>>>>[root at billing samba]# wbinfo -t
>>>>checking the trust secret via RPC calls failed
>>>>error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>>>>Could not check secret
>>>>
>>>>
>>>Check the security settings on the ADS domain contollers. It looks like it
>>>may have been locked down to prevent remote access.
>>>
>>>- John T.
>>>
>>>
>>I don't know if it helps, but when I run winbindd -i -d3 and I do
>>`wbinfo -t`, this is the feedback I get from winbind:
>>
>>
>
>DC-1 is refusing the connection. The security settings on it need to be opened
>up.
>
>- John T.
>
>
Hi John,
I'm sorry John, I'm not seeing the setting you are referring to. Would
this setting affect one machine while 2 others are able to communicate
fine?
After reading through my output, this almost sounds like a signing error
on the communications, which leads me to suspect that samba/kerberos
doesn't have the require encryption somewhere along the way. The reason
I think that is because I see stuff like this in my logs:
client_check_incoming_message: BAD SIG: wanted SMB signature of
[000] 65 83 B8 05 F9 ED C7 08 e.......
client_check_incoming_message: BAD SIG: got SMB signature of
[000] DA 3C 6A 63 E5 B9 1F 82 .<jc....
And then, further down, this:
srv_check_incoming_message: signing negotiated but not required and peer
isn't sending correct signatures. Turning off.
Could this be caused by what you were mentioning earlier? I'm looking
under the GP/Window Settings/Security Settings/Local Policies/Security
Options and User Rights. Is that the right place to find what you are
referring to?
Thanks again for your help
Sean
More information about the samba
mailing list