[Samba] Domain problem...

Elvis Aaron Presley elvisa at terra.es
Wed Sep 27 10:59:21 GMT 2006


Hello, I've tried what you said and restarted samba and winbind... But
no success... :( After that, I re-joined to the domain, but the same
result... I see when I tried to rejoin to the domain in the PDC w2000
event log a 5722 event. This is the error message:

The session setup from the computer ORACLE failed to 
authenticate. The name of the account referenced in the 
security database is ORACLE$. The following error 
occurred: 
Access is denied.

But the user exist at the domain. ¿?

I see the log at /var/log/samba/log.winbindd with this:

[2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164)
  kerberos_kinit_password ORACLE$@RXN32.BIZ failed: Cannot resolve
network address for KDC in requested realm
[2006/09/27 11:39:50, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(109)
  ads_connect for domain RXN32 failed: Cannot resolve network address
for KDC in requested realm

The log at /var/log/samba/log.wb-RXN32 has:

[2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256)
  creds_client_check: credentials check failed.
[2006/09/27 12:07:04, 0]
rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164)
  kerberos_kinit_password ORACLE$@RXN32.BIZ failed: Cannot resolve
network address for KDC in requested realm
[2006/09/27 12:07:04, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(109)
  ads_connect for domain RXN32 failed: Cannot resolve network address
for KDC in requested realm


But I'm not using kerberos. In addition, this errors are present too in
other older dates, and the server was working fine at that dates.

What can I do? I need to share folder on my debian to domain users... :S

Elvis

-----Mensaje original-----
De: Henrik Zagerholm [mailto:henke at mac.se] 
Enviado el: miércoles, 27 de septiembre de 2006 9:30
Para: Elvis Aaron Presley
CC: 'Lista Samba'
Asunto: Re: [Samba] Domain problem...


Hello,

winbind enum users = yes
winbind enum groups = yes

also check that getent passwd shows domain users.

Cheers,
Henrik

27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley:

> Nobody knows any information or test for me? :(
>
> Elvis
>
> -----Mensaje original-----
> De: samba-bounces+elvisa=terra.es at lists.samba.org
> [mailto:samba-bounces+elvisa=terra.es at lists.samba.org] En nombre de 
> Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04
> Para: Lista Samba
> Asunto: [Samba] Domain problem...
>
>
> Hello all, This is the first time I write to the list. Sorry about my 
> english...
>
> My Debian Sarge server was working perfectly with samba and winbind
> as a
> normal client in a Domain enviroment. I was able to share folders  
> on my
> linux machine giving rights to the domain users. Everything was  
> working
> until one day in that it crashed for some reason I don't know. I  
> didn't
> touch anything of my config files (smb.conf,nsswitch.conf) so I  
> suppose
> it's ok. The problem is that now, I can't do "wbinfo -u" successfully.
> It returns "Error looking domain users", so I can't share directories
> with domain users.
>
> Enviroment info:
>
> PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS 
> server
> Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS 
> server
>
> Other clients in the network uses DNS1 192.168.1.102 and DNS2 
> 192.168.1.249 ... I don't know if this info is relevant.
>
> "net rpc join -S server32 -U Administrador%pass" returns "Joined
> domain
> RXN32." "wbinfo -m" returns "RXN32" <- is the netbios name of the  
> domain
> "wbinfo -t" returns "checking the trust secret via RPC calls  
> succeeded"
> "wbinfo -u" returns "Error looking up domain users" "wbinfo -g"  
> returns
> "Error looking up domain groups"
>
> Samba version 3.0.22 on debian machine. And in the domain exist the
> user
> "oracle" with password "realpwd".
>
> I've tried "wbinfo --authenticate=oracle%fakepwd" and return:
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user oracle%fakepwd with plaintext password 
> challenge/response password authentication failed error code was 
> NT_STATUS_WRONG_PASSWORD (0xc000006a) error messsage was: Wrong
> Password
> Could not authenticate user oracle with challenge/response
>
> But if I try "wbinfo --authenticate=oracle%realpwd" it returns:
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user oracle%realpwd with plaintext password 
> challenge/response password authentication succeeded
>
> What????? How is it possible? The user exist in the domain. I've tried

> delete it and create it again and same result. I've tried with other 
> user... But same result.
>
> How can this stop to work if I didn't change anything? Is possible
> that
> it happenned after apt-get dist-upgrade?
>
> This is the global part of my smb.conf but i supposse it's ok
> because it
> was working and nothing changed:
>
> [global]
>         workgroup = RXN32
>         security = DOMAIN
>         password server = server32
>         encrypt passwords = true
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template shell = /bin/bash
>         winbind separator = +
>         netbios name = oracle
>
> I googled a lot, but with no luck... :(
>
> Thank for read this "big text", and sorry if this message is at 
> incorrect list. If there is a more specific list for this kind of 
> issues, please tell me.
>
> Thanks in advance and Regards.
>
> Elvis
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list