[Samba] Winbind lost domain
Mailing pigna
lucapml at gmail.com
Wed May 27 14:22:43 GMT 2009
Hi all.
I have a problem whith winbind authentication.
I have 2 samba domains, DOMA and DOMB, and these domains have trust in one
another.
On both pdc winbind is installed.
I installed a proxy server using squid with ntlm authentication. I install
on the server:
squid
samba
winbind
I have modify the smb.conf on proxy:
[global]
workgroup = DOMA
server string = PROXY DOMA
password server = xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy
security = domain
encrypt passwords = yes
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = No
log level = 2
log file = /var/log/samba/%m.log
max log size = 100000
socket options = TCP_NODELAY
wins server = xxx.xxx.xxx.xxx
I have run this comand:
#net rpc join -S PDC1 -U Administrator
and the proxy server as joined in the domain
Now this command executed successful:
#wbinfo -t
checking the trust secret via RPC calls succeeded
#wbinfo -u
DOMA+user1
DOMA+user2
DOMA+user3
DOMA+user4
ecc. ecc.
#wbinfo -a DOMA+user1%pwduser1
plaintext password authentication succeeded
challenge/response password authentication succeeded
Until here everything ok.
Every now and then but it seems that winbind loses the domain and users are
no longer able to navigate.
This is the log of winbind:
[2009/05/27 12:54:21, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVERA pipe \lsarpc fnum 0x74f0!
[2009/05/27 12:54:28, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVERA pipe \lsarpc fnum 0x751a!
[2009/05/27 14:48:36, 0] libsmb/clientgen.c:cli_receive_smb(111)
Receiving SMB: Server stopped responding
[2009/05/27 14:48:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine SERVERA pipe \NETLOGON fnum 0x751ereturned
critical error. Error was Call timed out: server did not respon
d after 10000 milliseconds
[2009/05/27 14:48:36, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[gonzaga] returned
NT_STATUS_IO_TIMEOUT (PAM: 4)
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x751b to machine
SERVERA. Error was Call timed out: server did not respond a
fter 1000 milliseconds
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x751c to
machine SERVERA. Error was Call timed out: server did not respond
after 500 milliseconds
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x751e to
machine SERVERA. Error was Call timed out: server did not respo
nd after 500 milliseconds
[2009/05/27 14:48:46, 0] libsmb/clientgen.c:cli_receive_smb(111)
Receiving SMB: Server stopped responding
[2009/05/27 14:48:57, 0] libsmb/clientgen.c:cli_receive_smb(111)
Receiving SMB: Server stopped responding
[2009/05/27 14:49:07, 0] libsmb/clientgen.c:cli_receive_smb(111)
Receiving SMB: Server stopped responding
[2009/05/27 14:49:07, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[user1] returned
NT_STATUS_IO_TIMEOUT (PAM: 4)
[2009/05/27 14:49:26, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[user2] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:32, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[user3] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:50, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[user4] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:52, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
NTLM CRAP authentication for user [DOMA]\[user4] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:50:36, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080)
child daemon request 47
[2009/05/27 14:50:36, 8] nsswitch/winbindd_cm.c:connection_ok(1515)
connection_ok: Connection to for domain DOMA has NULL cli!
[2009/05/27 14:50:36, 5] libsmb/namequery.c:saf_fetch(136)
saf_fetch: Returning "SERVERA" for "DOMA" domain
[2009/05/27 14:50:36, 5] libads/dns.c:sitename_fetch(706)
sitename_fetch: No stored sitename for
[2009/05/27 14:50:36, 5] libsmb/namecache.c:namecache_fetch(214)
name SERVERA#20 found.
[2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(152)
write_socket(18,72)
[2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(155)
write_socket(18,72) wrote 72
[2009/05/27 14:50:36, 5] libsmb/cliconnect.c:cli_session_request(1407)
Sent session request
If restart winbind on proxy server browsing resumed without problems.
Can you help?
More information about the samba
mailing list