[Samba] Winbind lost domain

Mailing pigna lucapml at gmail.com
Wed May 27 14:22:43 GMT 2009


Hi all.
I have a problem with winbind authentication.
I have 2 samba domains, DOMA and DOMB, and these domains have trust in one
another.

Winbind is installed on both PDCs.

I installed a proxy server using squid with NTLM authentication. I installed
on the server:
squid
samba
winbind
I have modified the smb.conf on the proxy:
[global]
  workgroup = DOMA
  server string = PROXY DOMA
  password server = xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy
  security = domain
  encrypt passwords = yes
  winbind separator = +
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = No
  log level = 2
  log file = /var/log/samba/%m.log
  max log size = 100000
  socket options = TCP_NODELAY
  wins server = xxx.xxx.xxx.xxx

I have run this command:
#net rpc join -S PDC1 -U Administrator
and the proxy server has joined the domain.
Now these commands execute successfully:
#wbinfo -t
checking the trust secret via RPC calls succeeded
#wbinfo -u
DOMA+user1
DOMA+user2
DOMA+user3
DOMA+user4
etc.
#wbinfo -a DOMA+user1%pwduser1
plaintext password authentication succeeded
challenge/response password authentication succeeded
Up to here everything is OK.
Every now and then, however, it seems that winbind loses the domain and users
are no longer able to browse.
This is the log of winbind:
[2009/05/27 12:54:21, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVERA pipe \lsarpc fnum 0x74f0!
[2009/05/27 12:54:28, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
received from remote machine SERVERA pipe \lsarpc fnum 0x751a!
[2009/05/27 14:48:36, 0] libsmb/clientgen.c:cli_receive_smb(111)
  Receiving SMB: Server stopped responding
[2009/05/27 14:48:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine SERVERA pipe \NETLOGON fnum 0x751ereturned critical error. Error was Call timed out: server did not respond after 10000 milliseconds
[2009/05/27 14:48:36, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[gonzaga] returned
NT_STATUS_IO_TIMEOUT (PAM: 4)
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x751b to machine SERVERA. Error was Call timed out: server did not respond after 1000 milliseconds
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x751c to machine SERVERA. Error was Call timed out: server did not respond after 500 milliseconds
[2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x751e to machine SERVERA. Error was Call timed out: server did not respond after 500 milliseconds
[2009/05/27 14:48:46, 0] libsmb/clientgen.c:cli_receive_smb(111)
  Receiving SMB: Server stopped responding
[2009/05/27 14:48:57, 0] libsmb/clientgen.c:cli_receive_smb(111)
  Receiving SMB: Server stopped responding
[2009/05/27 14:49:07, 0] libsmb/clientgen.c:cli_receive_smb(111)
  Receiving SMB: Server stopped responding
[2009/05/27 14:49:07, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[user1] returned
NT_STATUS_IO_TIMEOUT (PAM: 4)
[2009/05/27 14:49:26, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[user2] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:32, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[user3] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:50, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[user4] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:52, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\[user4] returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:50:36, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080)
  child daemon request 47
[2009/05/27 14:50:36, 8] nsswitch/winbindd_cm.c:connection_ok(1515)
  connection_ok: Connection to for domain DOMA has NULL cli!
[2009/05/27 14:50:36, 5] libsmb/namequery.c:saf_fetch(136)
  saf_fetch: Returning "SERVERA" for "DOMA" domain
[2009/05/27 14:50:36, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for
[2009/05/27 14:50:36, 5] libsmb/namecache.c:namecache_fetch(214)
  name SERVERA#20 found.
[2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(152)
  write_socket(18,72)
[2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(155)
  write_socket(18,72) wrote 72
[2009/05/27 14:50:36, 5] libsmb/cliconnect.c:cli_session_request(1407)
  Sent session request

If I restart winbind on the proxy server, browsing resumes without problems.

Can you help?
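
Added example, not part of the original post: a small Python parser for the winbindd log layout quoted above that separates authentication failures caused by an unreachable domain controller (NT_STATUS_IO_TIMEOUT, NT_STATUS_NO_LOGON_SERVERS) from other results and reports when the outage started. The sample log is constructed from the entries in the post; the function names and the choice of statuses to group are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in winbindd's native layout (header line, then indented message).
SAMPLE_LOG = """\
[2009/05/27 14:48:36, 0] libsmb/clientgen.c:cli_receive_smb(111)
  Receiving SMB: Server stopped responding
[2009/05/27 14:48:36, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\\[user1] returned NT_STATUS_IO_TIMEOUT (PAM: 4)
[2009/05/27 14:49:26, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\\[user2] returned NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
[2009/05/27 14:49:32, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [DOMA]\\[user3] returned NT_STATUS_NO_LOGON_SERVERS (PAM: 9)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\]\s*(.*)$")
AUTH = re.compile(r"NTLM CRAP authentication for user \[(.*?)\]\\\[(.*?)\] returned\s+(NT_STATUS_\w+)")
# Assumption of this example: these two statuses mean "DC unreachable", not "bad password".
DC_DOWN = {"NT_STATUS_IO_TIMEOUT", "NT_STATUS_NO_LOGON_SERVERS"}

def parse_entries(text):
    """Return (timestamp, level, message) tuples; wrapped lines are folded into the message."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, int(m.group(2)), m.group(3)])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

def dc_outage_summary(text):
    """Summarise NTLM auth failures that point at a lost DC connection."""
    hits = []
    for ts, _level, msg in parse_entries(text):
        m = AUTH.search(msg)
        if m and m.group(3) in DC_DOWN:
            hits.append((ts, m.group(1), m.group(2), m.group(3)))
    if not hits:
        return None
    return {
        "first": hits[0][0], "last": hits[-1][0],
        "by_status": Counter(h[3] for h in hits),
        "users": sorted({f"{h[1]}\\{h[2]}" for h in hits}),
    }
```

Because continuation lines are folded into the preceding entry, the parser also accepts logs that a mail client has re-wrapped, as in the excerpt above.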

