[Samba] security = user vs security = domain and winbind trust
Aaron E.
ssureshot at gmail.com
Thu May 19 07:09:38 MDT 2011
If you require any more information, let me know, and thanks in advance.
I'm working with dansguardian and squid with ntlm_auth.
I join squid to the domain and it works for 7 days. After 7 days to the
minute from the time I joined the server to the domain winbind decides
it has lost its trust. And then squid can't utilize ntlm_auth as it
requires winbind to function properly. I'm using the packaged version
from Ubuntu Lucid.. samba 3.4.7..
I guess from what I've researched winbind isn't able to change or
doesn't get updated with the machine password? Can I force this somehow?
Does it have anything to do with the fact I don't have an AD domain and
using security = domain?
security = user (winbind doesn't return users or groups with wbinfo and
squid will not authenticate.)
security = domain ( winbind works for 7 days as does squid, once the 7
days is up I have to rejoin the machine to the domain in order to get it
in a working condition..)
My DC is a samba server with openldap as its backend.
wbinfo -t returns the following
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
Below is a snippet of winbind.log
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain)
  Added domain BUILTIN S-1-5-32
[2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain)
  Added domain APPSRV5 S-1-5-21-2430456434-2706775456-2994855025
[2011/05/19 08:57:27, 2] winbindd/winbindd_util.c:235(add_trusted_domain)
  Added domain EXAMPLE S-1-5-21-496710657-683828429-1874078741
[2011/05/19 08:57:28, 3] libsmb/cliconnect.c:940(cli_session_setup_spnego)
  Doing spnego session setup (blob length=58)
[2011/05/19 08:57:28, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego)
  got OID=1.3.6.1.4.1.311.2.2.10
[2011/05/19 08:57:28, 3] libsmb/cliconnect.c:975(cli_session_setup_spnego)
  got principal=NONE
[2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:1023(ntlmssp_client_challenge)
  Got challenge flags:
[2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60898215
[2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:1045(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/05/19 08:57:28, 3] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2011/05/19 08:57:28, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/05/19 08:57:28, 3] winbindd/winbindd_cm.c:570(cm_get_ipc_userpass)
  cm_get_ipc_userpass: No auth-user defined
[2011/05/19 08:57:28, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host NETFILES2!
[2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:754(winbindd_interface_version)
  [10751]: request interface version
[2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:787(winbindd_priv_pipe_dir)
  [10751]: request location of privileged pipe
[2011/05/19 08:57:31, 3] winbindd/winbindd_misc.c:34(winbindd_check_machine_acct)
  [10751]: check machine account