Hi everyone, I am having a difficult time with winbindd in order to connect to my shared directories on my HP-UX box. I am running samba 2.2.3a on HP-UX 11, and here is what's happenning: I can start winbindd (I'm using -i -d 3 to monitor it), and using wbinfo -u I can list the domain users. I have joined the domain using smbpasswd -r PDC -j DOMAIN -U admin%password, I get the reply that the domain was joined. However, if I try and do a wbinfo -t, I get "secret is bad". On my terminal running winbindd, the output is: Connecting to <DC IP> at port 445 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed error connecting to domain password server: NT_STATUS_ACCESS_DENIED could not open handle to NETLOGON pipe Any ideas? thanks Jeff Pleau
Hi Jeff, Yeah - I think that smbpasswd lied to you. Try removing and recreating the machine account password for your samba server on the Win2k DC by HAND, instead of allowing smbpasswd to try to create it for you (make sure you check the box when you create the machine account that says that it can be used by prewin2k machines); THEN try smbpasswd -r PDC -j domain. Hope this helps Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Thursday, February 28, 2002 3:13 PM To: samba@lists.samba.org Subject: [Samba] Problem with Winbind Hi everyone, I am having a difficult time with winbindd in order to connect to my shared directories on my HP-UX box. I am running samba 2.2.3a on HP-UX 11, and here is what's happenning: I can start winbindd (I'm using -i -d 3 to monitor it), and using wbinfo -u I can list the domain users. I have joined the domain using smbpasswd -r PDC -j DOMAIN -U admin%password, I get the reply that the domain was joined. However, if I try and do a wbinfo -t, I get "secret is bad". On my terminal running winbindd, the output is: Connecting to <DC IP> at port 445 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed error connecting to domain password server: NT_STATUS_ACCESS_DENIED could not open handle to NETLOGON pipe Any ideas? thanks Jeff Pleau -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Don, Thanks for the suggestion, but that's what I have been doing all along - create the account on the DC, then join the domain using smbpasswd - but I keep getting the NT_STATUS_ACCESS_DENIED error over and over again. I have deleted the account, MACHINE.SID, and secret.tdb file so many times I can't count them, but it still gets the error everytime. Thanks for the help Jeff -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Thursday, February 28, 2002 4:20 PM To: 'jeff.pleau@webgain.com'; samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Hi Jeff, Yeah - I think that smbpasswd lied to you. Try removing and recreating the machine account password for your samba server on the Win2k DC by HAND, instead of allowing smbpasswd to try to create it for you (make sure you check the box when you create the machine account that says that it can be used by prewin2k machines); THEN try smbpasswd -r PDC -j domain. Hope this helps Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Thursday, February 28, 2002 3:13 PM To: samba@lists.samba.org Subject: [Samba] Problem with Winbind Hi everyone, I am having a difficult time with winbindd in order to connect to my shared directories on my HP-UX box. I am running samba 2.2.3a on HP-UX 11, and here is what's happenning: I can start winbindd (I'm using -i -d 3 to monitor it), and using wbinfo -u I can list the domain users. I have joined the domain using smbpasswd -r PDC -j DOMAIN -U admin%password, I get the reply that the domain was joined. However, if I try and do a wbinfo -t, I get "secret is bad". On my terminal running winbindd, the output is: Connecting to <DC IP> at port 445 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed error connecting to domain password server: NT_STATUS_ACCESS_DENIED could not open handle to NETLOGON pipe Any ideas? thanks Jeff Pleau -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Jeff, what can I say? It works for me here w/o problem on HP-UX 11.0. Can you send me (offlist) a level ten debug for an attempt? As well as your smb.conf file and actual smbpasswd command line so I can check everything? Maybe something will jump out at me... Also, if you pre-create the machine account on your win2k dc, then you should NOT use the -U admin%password option; just join with smbpasswd -r PDC -j DOMAIN; get me the level 10 debug output of this as well, if you would... Thansk, Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Friday, March 01, 2002 9:29 AM To: don_mccall@hp.com; jeff.pleau@webgain.com; samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Don, Thanks for the suggestion, but that's what I have been doing all along - create the account on the DC, then join the domain using smbpasswd - but I keep getting the NT_STATUS_ACCESS_DENIED error over and over again. I have deleted the account, MACHINE.SID, and secret.tdb file so many times I can't count them, but it still gets the error everytime. Thanks for the help Jeff -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Thursday, February 28, 2002 4:20 PM To: 'jeff.pleau@webgain.com'; samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Hi Jeff, Yeah - I think that smbpasswd lied to you. Try removing and recreating the machine account password for your samba server on the Win2k DC by HAND, instead of allowing smbpasswd to try to create it for you (make sure you check the box when you create the machine account that says that it can be used by prewin2k machines); THEN try smbpasswd -r PDC -j domain. Hope this helps Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Thursday, February 28, 2002 3:13 PM To: samba@lists.samba.org Subject: [Samba] Problem with Winbind Hi everyone, I am having a difficult time with winbindd in order to connect to my shared directories on my HP-UX box. I am running samba 2.2.3a on HP-UX 11, and here is what's happenning: I can start winbindd (I'm using -i -d 3 to monitor it), and using wbinfo -u I can list the domain users. I have joined the domain using smbpasswd -r PDC -j DOMAIN -U admin%password, I get the reply that the domain was joined. However, if I try and do a wbinfo -t, I get "secret is bad". On my terminal running winbindd, the output is: Connecting to <DC IP> at port 445 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed error connecting to domain password server: NT_STATUS_ACCESS_DENIED could not open handle to NETLOGON pipe Any ideas? thanks Jeff Pleau -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
You're welcome! -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Friday, March 01, 2002 10:10 AM To: don_mccall@hp.com Subject: RE: [Samba] Problem with Winbind Hi Don, I didn't realize that I wasn't supposed to put the -U switch in the command line for joining the domain if the account was already created. I just tried adding it to the domain that way and, sure enough, I got Secret is good!!!!! Thanks so much for your help! Jeff -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Friday, March 01, 2002 9:47 AM To: 'jeff.pleau@webgain.com'; MCCALL,DON (HP-USA,ex1); samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Jeff, what can I say? It works for me here w/o problem on HP-UX 11.0. Can you send me (offlist) a level ten debug for an attempt? As well as your smb.conf file and actual smbpasswd command line so I can check everything? Maybe something will jump out at me... Also, if you pre-create the machine account on your win2k dc, then you should NOT use the -U admin%password option; just join with smbpasswd -r PDC -j DOMAIN; get me the level 10 debug output of this as well, if you would... Thansk, Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Friday, March 01, 2002 9:29 AM To: don_mccall@hp.com; jeff.pleau@webgain.com; samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Don, Thanks for the suggestion, but that's what I have been doing all along - create the account on the DC, then join the domain using smbpasswd - but I keep getting the NT_STATUS_ACCESS_DENIED error over and over again. I have deleted the account, MACHINE.SID, and secret.tdb file so many times I can't count them, but it still gets the error everytime. Thanks for the help Jeff -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Thursday, February 28, 2002 4:20 PM To: 'jeff.pleau@webgain.com'; samba@lists.samba.org Subject: RE: [Samba] Problem with Winbind Hi Jeff, Yeah - I think that smbpasswd lied to you. Try removing and recreating the machine account password for your samba server on the Win2k DC by HAND, instead of allowing smbpasswd to try to create it for you (make sure you check the box when you create the machine account that says that it can be used by prewin2k machines); THEN try smbpasswd -r PDC -j domain. Hope this helps Don -----Original Message----- From: jeff.pleau@webgain.com [mailto:jeff.pleau@webgain.com] Sent: Thursday, February 28, 2002 3:13 PM To: samba@lists.samba.org Subject: [Samba] Problem with Winbind Hi everyone, I am having a difficult time with winbindd in order to connect to my shared directories on my HP-UX box. I am running samba 2.2.3a on HP-UX 11, and here is what's happenning: I can start winbindd (I'm using -i -d 3 to monitor it), and using wbinfo -u I can list the domain users. I have joined the domain using smbpasswd -r PDC -j DOMAIN -U admin%password, I get the reply that the domain was joined. However, if I try and do a wbinfo -t, I get "secret is bad". On my terminal running winbindd, the output is: Connecting to <DC IP> at port 445 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed error connecting to domain password server: NT_STATUS_ACCESS_DENIED could not open handle to NETLOGON pipe Any ideas? thanks Jeff Pleau -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hello list, I've installed successfully samba 2.2.4 (binary) and the samba server (solaris 2.6) oitozx could join the W2K-domain HELIOS. wbinfo -t shows secret is good. But I can't retrieve the list of domain users or groups. wbinfo -u shows following error: Error looking up domain users. getent passwd shows only local users. After reboot the log.winbindd show the following entry: [2002/05/29 12:34:46, 0] nsswitch/winbindd.c:(614) process_loop: Invalid request size (11) send, should be (1304) my global section of smb.conf: [global] netbios name = OITOZX winbind separator = + winbind cache time = 15 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes security = domain workgroup = HELIOS #DCs of the W2K domain password server = OITZ5N, OITZ6N, OITZ7N keep alive = 30 os level = 0 domain master = no local master = no preferred master = no username level = 8 password level = 8 encrypt passwords = yes socket options = TCP_NODELAY interfaces = 138.244.15.21/255.255.0.0 wins support = no wins server = 172.17.0.41 Any ideas? Thanks in advance, Birgit -------------- next part -------------- HTML attachment scrubbed and removed
List, I have installed Red Hat 8.0 and Samba. I have set up samba to use Winbind and I can getent passwd a name on the domain. I have set up the login and sshd files in pam.d to allow users to log in(also, added winbind to the nsswitch.conf file). I have also set up pam_mkhomedir.so to create the home folders. I have also set this up on a Red Hat 7.3 server with no problems. What I'm getting is this. When the user logs in, and puts in NT Domain username and password, it pauses for a sec, then the SSH term (Putty) simply disappears. In the secure log file, it states this sshd[2924]: fatal: PAM session setup failed[6]: Permission denied. Now, I ran into this problem before and updating the pam mods seems to fix this. However, the rpm for the pam mods are newer on the RH 8.0 box. Also, I have made sure that everyone has R X permissions on the pam_mkhomedir.so file. They also have the initial DOMAIN name specified in the home folder. Any Idea why permissions would be denied? If you need to see the config files for samba, let me know Any help would be great... Thanks -- Joe Giles jgiles@joeman1.com AOL: mcigiles ------- Registered Linux User #264910 http://counter.li.org -------
I login and autenticate to a win2000. but when I start wbinfo -t this says cold not check secret. What is this? Thanks wilson
I'm trying to get winbind working, so my Linux machines can authenticate users from the local NT domain. I've used the docs at http://us2.samba.org/samba/ftp/cvs_current/docs/htmldocs/winbind.html as well as http://www.sin.khk.be/~dj/ and http://www.mandrakeuser.org/docs/connect/csamba5.html to work on this. It seems to be kinda-mostly working... I can use wbinfo, getent, etc. and see users on th domain and such. However, I cannot login as an NT user, *and* nothing is logged to /var/log/secure, /var/log/messages, or anywhere in /var/log/samba when I try. I'm dealing with Red Hat 8.0 and samba-2.2.7-2 from updates.rdhat.com -- John Oliver, CCNA http://www.john-oliver.net/ Linux/UNIX/network consulting http://www.john-oliver.net/resume/ *** sendmail, Apache, ftp, DNS, spam filtering *** **** Colocation, T1s, web/email/ftp hosting ****