[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems

Sean Kennedy skennedy at tpno-co.org
Mon May 23 20:03:26 GMT 2005

John H Terpstra wrote:

>On Monday 23 May 2005 12:59, Sean Kennedy wrote:
>>John H Terpstra wrote:
>>>On Monday 23 May 2005 11:23, Sean Kennedy wrote:
>>>>Hi all,
>>>>Thus far, I have managed to get wbinfo -[u|g] to display users/group
>>>>correctly, and getent passwd/group works.  However, wbinfo -t fails to
>>>>work, giving me this error:
>>>>[root at billing samba]# wbinfo -t
>>>>checking the trust secret via RPC calls failed
>>>>error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>>>>Could not check secret
>>>Check the security settings on the ADS domain contollers. It looks like it
>>>may have been locked down to prevent remote access.
>>>- John T.
>>I don't know if it helps, but when I run winbindd -i -d3 and I do
>>`wbinfo -t`, this is the feedback I get from winbind:
>DC-1 is refusing the connection. The security settings on it need to be opened 
>- John T.
Hi John,

I'm sorry John, I'm not seeing the setting you are referring to.  Would 
this setting affect one machine while 2 others are able to communicate 

After reading through my output, this almost sounds like a signing error 
on the communications, which leads me to suspect that samba/kerberos 
doesn't have the require encryption somewhere along the way.  The reason 
I think that is because I see stuff like this in my logs: 
client_check_incoming_message: BAD SIG: wanted SMB signature of
[000] 65 83 B8 05 F9 ED C7 08                           e.......
client_check_incoming_message: BAD SIG: got SMB signature of
[000] DA 3C 6A 63 E5 B9 1F 82                           .<jc....

And then, further down, this:

srv_check_incoming_message: signing negotiated but not required and peer
isn't sending correct signatures. Turning off.

Could this be caused by what you were mentioning earlier?  I'm looking 
under the GP/Window Settings/Security Settings/Local Policies/Security 
Options and User Rights.  Is that the right place to find what you are 
referring to?

Thanks again for your help


More information about the samba mailing list