[Samba] ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)

Francesco Malvezzi malvezzi.francesco at unimo.it
Sun Jan 29 16:45:24 GMT 2006 

I'm exeperiencing a strange ntlm_auth problem:
I'm running two domain with a trust; the trusting one,
(EUFEMIA with the PDC Beatrice) uses the WINS facility of
the trusted one (LETTERE, PDC Alice).

Users of EUFEMIA and LETTERE alike have a successful logon to
Beatrice.

LETTERE users do authenticate in Beatrice with ntlm_auth.
EUFEMIA users do not:
beatrice:/home# ntlm_auth --username user1 --password ****** --domain
EUFEMIA
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

(by the way wbinfo -a returns something similar):
beatrice:/home# wbinfo -aEUFEMIA\\user1%******
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with challenge/response

Please note EUFEMIA\\user1 has login throught command:
smbclient -UEUFEMIA\\user1%****** -L beatrice.

 From Beatrice (and from Alice alike), I can correctly list the Browse
master
and PDC of EUFEMIA with nmblookup. nmblookup -S EUFEMIA returns
bearice with the <1C> tag (and <1D> as well).

I have no idea what "No logon servers" means. The logs from winbindd are:

[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29121]: request interface version
[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29121]: request location of privileged pipe
[2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_info(248)
   [29121]: request misc info
[2006/01/29 10:56:23, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179)
   [29121]: pam auth EUFEMIA\user1
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:43, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:43, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
   Plain-text authentication for user EUFEMIA\user1 returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 4)
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29122]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29123]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29122]: request location of privileged pipe
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29123]: request location of privileged pipe
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1

What does
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
mean?

Alice is a Fedora Core 1 Samba3.0.21a server.
Beatrice is a Debian GNU/Linux Samba3.0.14a server.

I need ntlm_auth because squid runs on beatrice.
beatrice:/home$ testparm -v | grep win
	name resolve order = wins lmhosts host bcast
         max wins ttl = 518400
         min wins ttl = 21600
         wins proxy = No
         wins server = (IP address of alice)
         wins support = No
         wins hook =
         wins partners =
         winbind separator = \
         winbind cache time = 300
         winbind enable local accounts = No
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = No
         winbind trusted domains only = No
         winbind nested groups = No

I have level 10 log from winbindd and from smbd but they are huge.
If you need them, just ask.

Thank to everyone patient enought to read this post,

Again, thank you,

Francesco

More information about the samba mailing list