Hi everyone, First of all, could you please CC me, I am not (yet) subscribed to this list. Now my problem: I created a test setup at my office that uses winbind to authenticate linux users to a Windows NT server (they log in with DOMAIN+username), as described in the winbindd manpage. I followed their setup completely. (at my work I am using RedHat 7.1 and the winbindd daemon found in the samba-appliance-0.5.1 RPM) I did the same thing somewhere else, the only difference is that the Windows server is a W2K box. When I try to create a machine account on the domain controller with samedit, I get the following: samedit -S 'W2KBox' -W DOMAIN -UAdministrator (substituting DOMAIN with my domain name off course...) this asks for a password, I enter it, it works, I get the following prompt: [DOMAIN\Administrator@W2kBox]$ Everything fine so far... now, when I enter the command [DOMAIN\Administrator@W2kBox]$ createuser MyMachine$ -j DOMAIN -L I get an error (NT_STATUS_ACCESS_DENIED). I use a script to do this, (I used the same script at my work and at the other location). What could possibly be wrong here ??? Thanks, Wouter Eerdekens -- Wouter Eerdekens wouter.eerdekens@fks.be fks bvba - Formal and Knowledge Systems http://www.fks.be/ Luikersteenweg 65 Tel: ++32-(0)11-21 49 11 B-3500 HASSELT Fax: ++32-(0)11-22 04 19
I am trying to authenticate from a linux box to NT 4 DC. I am using RH 9 with all the updates (Samba was preinstall apparently via RPM). Basically winbind doesn't appear to be encrypting the password when sent to the pdc. Here are the results: [root]# wbinfo -u 0xc0000022 [root]# I also ran wbinfo -t and it says the secret is ok. I also ran wbinfo - [root]# wbinfo -a DOMAIN1+test%testpass plaintext password authentication succeeded [root]# In my smb.conf I have: workgroup=DOMAIN1 security=domain password server=* encrypt passwords=yes Is there something I am missing?
hello, i'm trying to use winbind to authenticate windows user on a linux machine. so far I played a while with everything and got winbind running. I did all test described in the winbind.html, but still cant login from windows to the linux machine. I did the following commands successfully: a) wbinfo -u --> list of users b) wbinfo -g --> list of groups c) wbinfo -t --> secret is good d) wbinfo -a username%password --> plaintext password authentication succeeded e) wbinfo -n username --> get the SID What is still going wrong, that i can't authenticate? I'm using samba 2.2.8. Here is my smb.conf: -------------------------------------------------------- [global] netbios name = SambaHead server string = Samba NAS Head socket address = xxx.xxx.xxx.xxx interfaces = xxx.xxx.xxx.xxx/255.255.255.0 workgroup = xxx security = domain password server = xxxxxx os level = 2 encrypt passwords = yes wins support = no domain master = no local master = no winbind separator = "\" # i've tried also with + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes load printers = no show add printer wizard = no log file = /usr/local/samba/var/log.smb max log size = 100000 log level = 3 [xxxx] comment = xxxx path = /export/xxxx read only = no [xxxx] comment = xxxx path = /xxxx/xxxx read only = no -------------------------------------------------------- thanks a lot in advance /lars
> What is still going wrong, that i can't authenticate?Is nscd running? If so, turn it off. Is winbind added to /etc/nsswitch.conf? Does the command "id YOURDOMAIN+user" work? It should. -Mike MacIsaac, IBM mikemac at us.ibm.com (845) 433-7061
I have got winbind working but when I try to login with a DOmain account it tells me that the system administrator has locked your account. WHat is this? Anybody experience this before? Regards. ********************************************************************** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **********************************************************************
Lars,> nscd is running, i will try this next, but how does nscd interferewinbind? I don't know how, I just know it does. I used to just restart nscd, but I read somewhere that Tridge says nscd and winbind don't mix. Now I recommend "chkconfig nscd off" when using winbind. -Mike MacIsaac, IBM mikemac at us.ibm.com (845) 433-7061
I am getting this same error when trying to authenticate. Very frustrating because everything else works, wbinfo, getent. I can login to Win2K server wth kerberos, but I always see NT_STATUS_NO_LOGON_SERVERS when trying to authenticate. [root@maildev etc]# wbinfo -a user+password plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error messsage was: No logon servers Could not authenticate user user+password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error messsage was: No logon servers Could not authenticate user user+password with challenge/response The only other thing that fails is wbinfo -t [root@maildev etc]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) Could not check secret I have joined the computer to the domain but am just beating my head against this issue. Any thoughts out there? TIA, T Schmidt>>I am having the same issue. I am running Samba 3 Alpha 24 trying toconnect to a W2K3 Server with AD. If I getent or chown I can see all my>>domain users, but sshd, login, etc (PAM apps) cant see the accounts. WhenI try to login to the console as a AD user or SSH I get the following >>in /var/log/messages Jun 2 20:38:58 gonzo pam_winbind[1900]: request failed: No logon servers, PAM error was 4, NT error was>>NT_STATUS_NO_LOGON_SERVERS The issue is when I do wbinfo I can seeeverything.... My config is as follows: [global]