Hi, I'm using winbind to authenticate squid proxy users via ntlm_auth. Squid, samba and winbind run on the same server. The server is PDC and a member of the domain. After update samba from 3.0.14a up to 3.0.20 ntlm_auth does not work. Also wbinfo got error: # wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) Could not check secret winbind log (winbindd -S -F -i -d 4): cm_get_ipc_userpass: No auth-user defined Serverzone is -14400 Using cleartext machine password cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER cred_session_key cred_create cli_net_auth2: srv:\\SERVER acct:WORKGROUP$ sc:6 mc: SERVER neg: 400701ff could not open handle to NETLOGON pipe Checking the trust account password returned NT_STATUS_ACCESS_DENIED But if i run winbind with custom config: # diff -u smb.conf wb.conf --- smb.conf Sun Sep 11 20:03:54 2005 +++ wb.conf Sun Sep 11 20:04:08 2005 @@ -8,7 +8,7 @@ display charset = KOI8-R dos charset = 866 winbind use default domain = yes - domain logons = yes + domain logons = no it work fine for me: # wbinfo -t checking the trust secret via RPC calls succeeded winbind log (winbindd -S -F -i -d 4 -s wb.conf): cm_get_ipc_userpass: No auth-user defined Serverzone is -14400 lsa_io_sec_qos: length c does not match size 8 [ 0]: request interface version [ 0]: request location of privileged pipe [ 0]: check machine account child daemon request 26 [31109]: check machine account cm_get_ipc_userpass: No auth-user defined Using cleartext machine password cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER cred_session_key cred_create cli_net_auth2: srv:\\SERVER acct:SERVER$ sc:6 mc: SERVER neg: 400701ff cred_create cred_assert secret is good Tell me please: it is a bug or feature? smb.conf: [global] workgroup = WORKGROUP admin users = tiamat guest account = guest log file = /var/log/samba/%m.log security = user encrypt passwords = yes unix charset = KOI8-R display charset = KOI8-R dos charset = 866 winbind use default domain = yes domain logons = yes [homes] browseable = no writeable = yes valid users = %S [netlogon] path = /home/samba/netlogon browseable = no Server join into domain with: # net join -U tiamat Password: Joined domain WORKGROUP. Thanks a lot! -- Alex Deiter