[Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
Rowley, Mathew
Mathew_Rowley at cable.comcast.com
Thu Nov 11 14:22:18 MST 2010
I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=561325
Now, when I add the computer to the domain ('net ads join –U Administrator') it seems to work, is visible on the AD interface, but the logs show an error:
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module ldap already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module tdb already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module passdb already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module nss already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred!
Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found
And wbinfo gives me nothing – so I am assuming there is a problem:
[root at rhclient samba]# wbinfo -u
[root at rhclient samba]# wbinfo -g
[root at rhclient samba]#
When trying to do a ntlm_auth, I get a funky error as well:
[root at rhclient samba]# ntlm_auth --request-nt-key --domain=VMSECLAB.CABLE.COMCAST.COM --username=user
password:
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
Yet, there is a login server in the samba.conf, and dns/reverse dns works:
[root at rhclient samba]# grep 'password server' /etc/samba/smb.conf
password server = ad.vmseclab.cable.com
[root at rhclient samba]# nslookup ad.vmseclab.cable.com
Server: 10.252.159.138
Address: 10.252.159.138#53
Name: ad.vmseclab.cable.com
Address: 10.252.159.138
[root at rhclient samba]# nslookup 10.252.159.138
Server: 10.252.159.138
Address: 10.252.159.138#53
138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com.
The samba logs show this when trying to ntlm_auth:
==> /var/log/samba/log.winbindd-dc-connect <==
[2010/11/11 16:16:55, 1] libads/cldap.c:recv_cldap_netlogon(157)
no reply received to cldap netlogon
[2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
[2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
[2010/11/11 16:17:25, 1] libads/cldap.c:recv_cldap_netlogon(157)
no reply received to cldap netlogon
[2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
[2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
Has anyone seen this, or have any clue what could be happening? It seems like my DC does not have cldap open/working? What port does that run over? If its normal ldap(389), I can telnet to that fine.
I am out of ideas, any help would be appreciated. Thanks.
More information about the samba
mailing list