samba - May 2004 - pam_winbind - losing domain membership

Hello,
I have the following setup:
SuSE 9.1 with samba and winbind installed. On the other side is a nt4
domain. I can join the domain with "net rpc join DOMAIN -U
administrator".
wbinfo -u shows me alle the users etc.
I integrated the pam_winbind.so in my pam configuration and users can
login with their nt login and password. Everything works fine.

After a while it seems that samba/winbind loses the association to the
domain. User cannot login anymore and the /var/log/messages shows
NT_STATUS_ACCESS_DENIED.  After a new "net rpc join ...". The login
works again.

Anyone any ideas what could be the cause. I used the versions supplied
with SuSE 9.1.

Any help is highly appreciated.
Thanx.

Ciao,
Phil

Had a similar problem several weeks ago and it was a result of Samba
looking in the wrong directory for the secrets.tdb file. 

-- 
Nathan R. Valentine <nathan@nathanvalentine.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040526/5670d362/attachment.bin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Philip Reetz wrote:
| Hello,
| I have the following setup:
| SuSE 9.1 with samba and winbind installed. On the other side is a nt4
| domain. I can join the domain with "net rpc join DOMAIN -U
| administrator".
| wbinfo -u shows me alle the users etc.
| I integrated the pam_winbind.so in my pam configuration and users can
| login with their nt login and password. Everything works fine.
|
| After a while it seems that samba/winbind loses the association to the
| domain. User cannot login anymore and the /var/log/messages shows
| NT_STATUS_ACCESS_DENIED.  After a new "net rpc join ...". The login
| works again.

Does a restart of winbindd fix it ?  Could be bug 1208.




cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAtNxxIR7qMdg1EfYRAuPEAKC1EQeU7AiVGmyGIskZhCl8x3fxtwCg07sS
fKo49MQjLgjmeWJzf+Ztc6Y=0EPx
-----END PGP SIGNATURE-----

Nathan R. Valentine wrote:
> Had a similar problem several weeks ago and it was a result of Samba
> looking in the wrong directory for the secrets.tdb file. 
> 
> 
Could you describe how you fixed it.
Thanx.
Phil

Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Philip Reetz wrote:
> | Hello,
> | I have the following setup:
> | SuSE 9.1 with samba and winbind installed. On the other side is a nt4
> | domain. I can join the domain with "net rpc join DOMAIN -U
> | administrator".
> | wbinfo -u shows me alle the users etc.
> | I integrated the pam_winbind.so in my pam configuration and users can
> | login with their nt login and password. Everything works fine.
> |
> | After a while it seems that samba/winbind loses the association to the
> | domain. User cannot login anymore and the /var/log/messages shows
> | NT_STATUS_ACCESS_DENIED.  After a new "net rpc join ...". The
login
> | works again.
> 
> Does a restart of winbindd fix it ?  Could be bug 1208.
> 
A restart of winbindd does not fix it. The problem sometimes appears for 
the first time after a complete computer reboot. Bug 1208 seems very ADS 
specific, but this is a NT4 environment.
Is there a problem when there is a w2k machine on the same pc in a dual 
boot configuration both integrated into the domain.

Ciao,
Phil

On Thu, 2004-05-27 at 05:32, Philip Reetz wrote:
> Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Philip Reetz wrote:
> > | Hello,
> > | I have the following setup:
> > | SuSE 9.1 with samba and winbind installed. On the other side is a
nt4
> > | domain. I can join the domain with "net rpc join DOMAIN -U
> > | administrator".
> > | wbinfo -u shows me alle the users etc.
> > | I integrated the pam_winbind.so in my pam configuration and users
can
> > | login with their nt login and password. Everything works fine.
> > |
> > | After a while it seems that samba/winbind loses the association to
the
> > | domain. User cannot login anymore and the /var/log/messages shows
> > | NT_STATUS_ACCESS_DENIED.  After a new "net rpc join ...".
The login
> > | works again.
> > 
> > Does a restart of winbindd fix it ?  Could be bug 1208.
> > 
> 
> A restart of winbindd does not fix it. The problem sometimes appears for 
> the first time after a complete computer reboot. Bug 1208 seems very ADS 
> specific, but this is a NT4 environment.
Schannel bugs probably affect both.
> Is there a problem when there is a w2k machine on the same pc in a dual 
> boot configuration both integrated into the domain.
They should use different names.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040527/8dea5ed3/attachment.bin

Philip Reetz wrote:
> Hello,
> I have the following setup:
> SuSE 9.1 with samba and winbind installed. On the other side is a nt4
> domain. I can join the domain with "net rpc join DOMAIN -U
> administrator".
> wbinfo -u shows me alle the users etc.
> I integrated the pam_winbind.so in my pam configuration and users can
> login with their nt login and password. Everything works fine.
> 
> After a while it seems that samba/winbind loses the association to the
> domain. User cannot login anymore and the /var/log/messages shows
> NT_STATUS_ACCESS_DENIED.  After a new "net rpc join ...". The
login
> works again.
> 
> Anyone any ideas what could be the cause. I used the versions supplied
> with SuSE 9.1.
> 
> Any help is highly appreciated.
> Thanx.
> 
> Ciao,
> Phil
I solved the problem. It was my own inability to step back and take a 
look at the whole situation.
The problem was not winbind, but the problem that the same computer was 
with w2k and linux with the same name member of the domain. That 
resulted in linux getting kicked out of the domain after a windows 
start. Actually quite simple and logically, but sometimes you try too hard.
Thanks to everyone who helped me by replying to my posting.

Ciao,
Phil