[Samba] winbind -t fails to check secret
Greg Matheson
greg at nwt.net.au
Wed Nov 16 10:51:02 GMT 2005
Hi All,
I have just upgraded from Samba 3.0.7 to 3.0.20 on Mandrake 10.1.
Before upgrading I could add a machine account and admin (root) user to the password
backend, join to the domain and check the trust secret. All was well.
wbinfo -a name%password would authenticate, as I require for ntlm_auth with squid
(which was working well).
Now with the same layout, I do this :-
Add Unix account for machine
nimfm$:x:401:400:Machine Account:/var/lib/samba/machines:/bin/false
Add Samba account with smbpasswd or pdbedit
pdbedit -m -a -u nimfm
Join the domain
[root at nimfm samba]# net rpc join PDC
Password:
Joined domain NIMFMNET.
[root at nimfm root]# wbinfo -t
checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret
The winbindd log shows this when I do wbinfo -t
[2005/11/16 21:40:14, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(35)
[ 0]: check machine account
All password checks via smbclient to a service work as expected.
I have read until my eyes blur, checked nsswitch.conf for the passwd and group winbind
settings, and checked that the pam_winbind.so bits are where they should be.
I have started from a clean slate (removing /var/cache/samba/*tdb and
/etc/samba/passwd.tdb and secrets.tdb) numerous times, but get to the same point.
Some funny things are happening with getent. It seems that I get 2 lists of passwd or
group, i.e. the users or groups appear twice, and no Domain Groups are listed in getent
group?
This is the pdbedit output for the machine account
[root at nimfm samba]# pdbedit -v nimfm$
Unix username: nimfm$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-3407367817-49127962-788306835-1802
Primary Group SID: S-1-5-21-3407367817-49127962-788306835-515
Full Name: Machine Account
Home Directory: \\nimfm\nimfm_\profile
HomeDir Drive:
Logon Script:
Profile Path: \\nimfm\Profiles\nimfm_
Domain: NIMFMNET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Wed, 16 Nov 2005 21:03:26 GMT
Password can change: Wed, 16 Nov 2005 21:03:26 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
And for the auth_user account
[root at nimfm samba]# pdbedit -v root
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3407367817-49127962-788306835-1000
Primary Group SID: S-1-5-21-3407367817-49127962-788306835-1001
Full Name: root
Home Directory: \\nimfm\root\profile
HomeDir Drive:
Logon Script:
Profile Path: \\nimfm\Profiles\root
Domain: NIMFMNET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Wed, 16 Nov 2005 19:13:52 GMT
Password can change: Wed, 16 Nov 2005 19:13:52 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root at nimfm samba]# smbclient -L //NIMFM -Uroot
Password:
Domain=[NIMFMNET] OS=[Unix] Server=[Samba 3.0.20]
        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        Profiles        Disk
        IPC$            IPC       IPC Service (Samba Server 3.0.20)
        ADMIN$          IPC       IPC Service (Samba Server 3.0.20)
        root            Disk      Home Directories
Domain=[NIMFMNET] OS=[Unix] Server=[Samba 3.0.20]
        Server               Comment
        ---------            -------
        NIMFM                Samba Server 3.0.20
        Workgroup            Master
        ---------            -------
        NIMFMNET             NIMFM
--
Regards
Greg Matheson
Systems Admin NWT Pty Ltd