[Samba] Winbind Samba 3.5.1

Mark Ruys mark.ruys at in2sports.net
Fri Mar 12 09:43:20 MST 2010 

Somehow I can't figure out what's going wrong. I have a Samba server 
running as PDC. Workstations can join the domain and users can logon. So 
far so good. I need winbind to be able to authorize a radius server to 
the PDC. This I cannot achieve. If someone got give me a clue, I spend 
already quiet some time Google the net :(

Thanks,

Mark


# wibinfo -u
root
markr

# wbinfo -a markr%zzzzzzzz
plaintext password authentication failed
Could not authenticate user markr%zzzzzzzz with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user markr with challenge/response

Winbind log shows:
[13916]: request interface version
[13916]: request location of privileged pipe
[13916]: pam auth markr
[13753]: dual pam auth markr
could not open handle to NETLOGON pipe
Plain-text authentication for user markr returned 
NT_STATUS_INVALID_HANDLE (PAM: 4)
[13916]: request interface version
[13916]: request misc info
[13916]: request netbios name
[13916]: request domain name
[13916]: domain_info [APPEL]
[13916]: pam auth crap domain: [APPEL] user: markr
[13753]: pam auth crap domain: APPEL user: markr
could not open handle to NETLOGON pipe (error: NT_STATUS_INVALID_HANDLE)
NTLM CRAP authentication for user [APPEL]\[markr] returned 
NT_STATUS_INVALID_HANDLE (PAM: 4)

# net rpc join -U Administrator
Enter Administrator's password:
Could not connect to server SANTANA
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

# cat /etc/samba/smbusers
root = administrator admin

# net rpc join -U root
Enter root's password:
Joined domain APPEL.

# net rpc join -S PDC
Unable to find a suitable server for domain APPEL
Unable to find a suitable server for domain APPEL




This is smb.conf:

[global]
	workgroup = APPEL
	server string = Samba
	interfaces = 127.0.0.1, eth0
	bind interfaces only = Yes
	time server = Yes
	printcap name = cups
	add machine script = /usr/sbin/useradd -d /var/lib/nobody -g machines -s /bin/false -M -l %u
	logon script = startup.cmd
	logon path =
	logon drive = h:
	domain logons = Yes
	os level = 33
	preferred master = Auto
	domain master = Yes
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	read only = No

[homes]
	read only = No

[Temp]
	...


-- 
Oudenhof 14b, 4191 NW Geldermalsen, The Netherlands
Web site and travel directions:   www.in2sports.net
Phone +31.88.0084102    ::    Mobile +31.6.51298623

More information about the samba mailing list