Hi,

I just can't seem to get winbind to work on my BDC. I'm using FC3 and samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a / OpenLDAP. I can join the BDC to the domain successfully using "net rpc join...", but when I enter wbinfo -t to check the trust relationship I get

checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret

I placed a packet sniffer on the PDC to see what was happening and captured the following RPC_NETLOGON communication between the BDC and the PDC (see attached ethereal dump file). It appears to fail when the BDC looks for an account of the same name as my domain - CEL. The question is: do I need to create a trust account for my own domain?

Thanks for reading :)
Ian

--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd, Tuam, Co. Galway, Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian@cel.ie
W : http://www.cel-europe.com

Ian Clancy wrote:
> Hi,
> I just can't seem to get winbind to work on my BDC. I'm using FC3 and
> samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a / OpenLDAP.
> I can join the BDC to the domain successfully using "net rpc join...",
> but when I enter wbinfo -t to check the trust relationship I get
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
> I placed a packet sniffer on the PDC to see what was happening and
> captured the following RPC_NETLOGON communication between the BDC and
> the PDC (see attached ethereal dump file). It appears to fail when the
> BDC looks for an account of the same name as my domain - CEL. The
> question is: do I need to create a trust account for my own domain?
> Thanks for reading :)
> Ian
>

Forgot to attach the file. BTW, this is the log entry from my PDC.

[2005/08/12 18:18:48, 5] rpc_parse/parse_prs.c:prs_debug(82)
get_md4pw: Workstation CEL$: no account in domain
[2005/08/12 18:18:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
005c neg_flags: 400701ff

--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd, Tuam, Co. Galway, Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian@cel.ie
W : http://www.cel-europe.com

Ian Clancy
2005-Aug-15 08:22 UTC
[Samba] wbinfo -t not working on BDC (Attempt to bind using schannel without successful serverauth2)

Hi,

Further to this, I'm receiving the following error in the logs of the BDC:

Attempt to bind using schannel without successful serverauth2

regards,
Ian

Ian Clancy wrote:
> Hi,
> I just can't seem to get winbind to work on my BDC. I'm using FC3 and
> samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a / OpenLDAP.
> I can join the BDC to the domain successfully using "net rpc join...",
> but when I enter wbinfo -t to check the trust relationship I get
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
> I placed a packet sniffer on the PDC to see what was happening and
> captured the following RPC_NETLOGON communication between the BDC and
> the PDC (see attached ethereal dump file). It appears to fail when the
> BDC looks for an account of the same name as my domain - CEL. The
> question is: do I need to create a trust account for my own domain?
> Thanks for reading :)
> Ian
>

--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd, Tuam, Co. Galway, Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian@cel.ie
W : http://www.cel-europe.com

All,

An update on the problem below. I've updated to 3.0.20 today and the problem remains. I think my problem lies with the NetrServerAuthenticate2 call that the BDC makes to the PDC. The BDC seems to be attempting to authenticate to the PDC using the account <mydomainname>$ instead of <mybdcname>? The account <domainname>$ does not exist, of course.

Another thing I noticed is that it takes two attempts to join the domain. The first attempt returns "Creation of workstation account failed". At the second attempt "Joined domain DOMAINNAME." is returned.

Does anybody know where I can find more info about the NetrServerAuthenticate2 protocol?

regards,
Ian

Ian Clancy wrote:
> Hi,
> I just can't seem to get winbind to work on my BDC. I'm using FC3 and
> samba 3.0.20rc2. My PDC is RHEL4 running Samba 3.0.14a / OpenLDAP.
> I can join the BDC to the domain successfully using "net rpc join...",
> but when I enter wbinfo -t to check the trust relationship I get
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
> I placed a packet sniffer on the PDC to see what was happening and
> captured the following RPC_NETLOGON communication between the BDC and
> the PDC (see attached ethereal dump file). It appears to fail when the
> BDC looks for an account of the same name as my domain - CEL. The
> question is: do I need to create a trust account for my own domain?
> Thanks for reading :)
> Ian
>
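
A way to triage a PDC log for the symptom discussed in this thread, as an added example that is not part of the original posts or of Samba's code: it scans the log for the "get_md4pw ... no account in domain" message and flags entries where the requested machine account is the domain name itself. The sample log is constructed, and the host name BDC1 and the function name are assumptions made for illustration.

```python
import re

# Samba 3 log layout: a bracketed header line, then the message on the next line(s).
HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*\d+\]")
NO_ACCOUNT = re.compile(r"get_md4pw: Workstation (?P<acct>\S+?): no account in domain")

# Constructed sample; BDC1 is a placeholder host name, not taken from the thread.
SAMPLE_LOG = """\
[2005/08/12 18:18:48, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
  get_md4pw: Workstation CEL$: no account in domain
[2005/08/12 18:25:02, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
  get_md4pw: Workstation BDC1$: no account in domain
[2005/08/12 18:25:03, 3] smbd/process.c:process_smb(1114)
  Transaction 12 of length 76
"""

def find_missing_trust_accounts(log_text, workgroup, expected_machines=()):
    """Return one finding per 'no account in domain' message in a PDC log."""
    expected = {m.upper().rstrip("$") for m in expected_machines}
    findings, ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            ts = header.group("ts")  # timestamp applies to the message lines that follow
            continue
        hit = NO_ACCOUNT.search(line)
        if not hit:
            continue
        acct = hit.group("acct")
        name = acct.rstrip("$").upper()
        if name == workgroup.upper():
            # The client asked for <domain>$ rather than its own <host>$ account.
            verdict = "client sent the domain name as its machine account"
        elif name in expected:
            verdict = "expected machine has no trust account on the PDC"
        else:
            verdict = "unknown machine account"
        findings.append({"time": ts, "account": acct, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in find_missing_trust_accounts(SAMPLE_LOG, "CEL", ["BDC1"]):
        print(f["time"], f["account"], "->", f["verdict"])
```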