[Samba] winbind problem, have workaround but...

fred.samba at fredsnet.org fred.samba at fredsnet.org
Wed Aug 22 22:24:18 GMT 2007


Greetings list,

I have a member server in a w2k3 AD domain that has been happily spinning
for a couple of years. As of yesterday morning, we've been having some
issues with it.  I've had it configured correctly, and haven't touched it.
 I'll provide the configs if needed.

I've kept it updated as time's gone on for security updates etc..

the wonkyness seems to rear is head when winbindd gets restartes.  In the
log.winbindd file I get a tremendous amount of these

2007/08/22 10:23:42, 0] rpc_client/cli_pipe.c:cli_nt_setup_netsec(1622)
  Could not initialise \PIPE\NETLOGON
[2007/08/22 10:23:42, 0] rpc_client/cli_pipe.c:cli_nt_setup_netsec(1622)
  Could not initialise \PIPE\NETLOGON
[2007/08/22 10:23:42, 0] rpc_client/cli_pipe.c:cli_nt_setup_netsec(1622)
  Could not initialise \PIPE\NETLOGON
[2007/08/22 10:23:42, 0] rpc_client/cli_pipe.c:cli_nt_setup_netsec(1622)
  Could not initialise \PIPE\NETLOGON

but they stop as soon as I issue

# net ads changetrustpw

then it seems to connect and all is well until winbind gets restarted.

I was following a lot of logs at lev3 yesterday, and some users were able
to authenticate, on one machine but not on others..etc.. it was all very
wonky until I did the net ads changetrustpw

I can provide any information needed.  I'm running mandriva corp server 3
with samba 3.014a. patched up to (CVE-2007-2444) (I think that's post
3.023d)

I'm perplexed, and not sure what the proper permanent fix for it is.  I'm
thinking about removing it from the domain, and re-joining it, but I'm not
sure what precisely is needed.  (what files to delete, which ones to copy
off etc..)  I don't want to lose the winbindd_idmap.tdb or anything
important.  (I do back these up...)

any help would be greatly appreciated.

Kindest regards,
Fred dussault


More information about the samba mailing list