[Samba] Winbindd_privileged permissions pb on RHEL 4 AS

fabelli at strategie-info.com fabelli at strategie-info.com
Fri Feb 24 15:13:24 GMT 2006 

Hi, 

I've got an unbelievable problem : I'm trying to setup samba on RHEL 4 AS 
PPC(iSeries) to work with a Win2K domain controler. 
I use the same smb.conf file (and the same configuration procedure) on a 
Fedora 3 box too. I have no problem with the Fedora server, but on the 
RHEL 4 server, Windows clients are unable to browse the server and I've 
this strange error appearing in the log.winbindd file : 

[2006/02/23 18:16:35, 2] 
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) 
  winbindd_pam_auth_crap: non-privileged access denied.  ! 
  winbindd_pam_auth_crap: Ensure permissions on 
/var/cache/samba/winbindd_privileged are set correctly. 
[2006/02/23 18:16:35, 2] 
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) 
  NTLM CRAP authentication for user [(null)]\[(null)] returned 
NT_STATUS_ACCESS_DENIED (PAM: 4) 

The winbindd_privileged permissions are : 
drwxr-x---  2 root root 

My smb.conf file is : 

[global] 
    printing = cups 
    disable spoolss = Yes 
    show add printer wizard = No 
    dns proxy = no 
    security = DOMAIN 
    idmap uid = 15000-20000 
    idmap gid = 15000-20000 
    winbind use default domain = Yes 
    use sendfile = Yes 
     
    workgroup = STRATEGIE 
    netbios name = Svrlinux1 
    server string = Serveur Linux1 
     
    os level = 64 
        preferred master = yes 
        local master = yes 
     
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 
    log level = 2 
    log file = /var/log/samba/log.%m 
    load printers = no 
    printcap name = lpstat 
    max log size = 50 
     

I've followed these configuration steps without any problem : 
- Add the machine to the domain with net net rpc join -UmyUser%myPasswd 
- Run wbinfo -t 
- Run wbinfo -u et wbinfo -g to retrieve user and groups from the domain 
controler 
- Checked that winbind is working with getent passwd anWindowsUser 
- Tried to authenticate a user with wbinfo -a 
myWindowsUser%myWindowsPassword 

The latter command returns : 
plaintext password authentication succeeded 
challenge/response password authentication succeeded 

A google search about the winbind's error give me answers relating to 
squid, but I do not have it installed on my server. 

I've also tried to change the directory's permissions to 777 but then 
winbind crashes and complains with : 
lib/util_sock.c:create_pipe_sock(1056) 
  invalid permissions on socket directory 
/var/cache/samba/winbindd_privileged 

My samba version is : 3.0.10-1.4E.2 


Any clue would be appreciated. 

Regards. 

Fabrice ABELLI 
fabrice.abelli at wanadoo.fr

More information about the samba mailing list