When I try to rejoin the domain I get the following:
------------------------------------------------------------------------
----------
INFO: Debug class all level = 1 (pid 4788 from pid 4788)
WARNING: The "alternate permissions"option is deprecated
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
APPS_SERVER. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.
2001/10/23 09:32:58 : change_trust_account_password: Failed to change
password for domain TSL.COM.
------------------------------------------------------------------------
----------
Any ideas?
Regards
Winston Nimchan
-----Original Message-----
From: Levi Ruiz [mailto:lruiz@pnicorp.com]
Sent: Monday, October 22, 2001 5:06 PM
To: Samba Mailing List (E-mail)
Subject: RE: Winbind/RH7.1...More Help
Delete your MACHINE.SID and secrets.tdb files from your config dir
(/etc/samba/?), delete the machine account from Server Manager in NT and
recreate it. Then rejoin the domain with "smbpassd -j DOMAIN -r PDC"
and
try again.
-----Original Message-----
From: Winston Nimchan [mailto:Winston_Nimchan@trinsys.com]
Sent: Monday, October 22, 2001 1:37 PM
To: Sean Trammell
Cc: samba@lists.samba.org
Subject: RE: Winbind/RH7.1...More Help
My problem seems to be:
unable to setup the PDC credenntials to machine <Domain Controller>
Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
It tries to authenticate against each of my domain controllers and fails
Does this seem fimilair
Regards
Winston Nimchan
-----Original Message-----
From: Sean Trammell [mailto:strammell@siumed.edu]
Sent: Monday, October 22, 2001 4:00 PM
To: Winston Nimchan
Cc: samba@lists.samba.org
Subject: Re: Winbind/RH7.1...More Help
The reason for using winbind is so that you do not have to duplicate
accounts on the local machine. smbpasswd is not used at all on my
system. I believe that when you use winbind, authentication is passed
onto your existing system(s), defined in 'password server'.
You have to be getting log entries somewhere that will help you to
figure out what is breaking. I think that logs, by default, are stored
in /usr/local/samba/var. The default setting also separates logs by
computer name, and so what I would do is find a test computer and try to
connect to the samba server using a normal domain account. When that
doesn't work, check the appropriate logfile to see why the connection
was rejected. Log level 1 catches most problems for me, if the
connection is rejected and nothing is logged, you may have to increase
this. This is what I use in my smb.conf file for logs if it helps any:
# LOGGING:
#
log level = 1
log file = /var/log/samba/%m.log
max log size = 50
You are getting usernames back from 'getent passwd', right? That at
least indicates that nsswitch is working.
Winston Nimchan wrote:>
> I have a Win 2K Mixed Mode domain with 1 NT4 Server and 4 2k Servers
> I installed from source/configured with --with-pam etc
> I have Win 2k, 9x clients.
>
> If I manually add my domain users to smbpasswd, my 2k clients can
> connect to my samba server and use resources but my win 9x clients are
> prompting for password and nothing that i enter seems to be valid.
>
> Is winbind supposed to copy my domain users/groups to my samba box? so
I> don't have to recreate each user in samba.
>
> Regards
>
> Winston Nimchan
>
> -----Original Message-----
> From: Sean Trammell [mailto:strammell@siumed.edu]
> Sent: Monday, October 22, 2001 1:35 PM
> To: Winston Nimchan
> Cc: David Brodbeck; samba@lists.samba.org
> Subject: Re: Winbind/RH7.1...More Help
>
> Someone correct me if I am wrong, but I think that this really is a
PAM> problem. There are several things that I can think of offhand, either
> samba was not compiled --with-pam or samba is not configured correctly
> or the appropriate PAM module is not configured correctly. We need
more> information, are you getting any errors in /var/log/messages? PAM
> problems are logged there on my Redhat 7.1 system. Also, did you use
an> RPM or did you compile samba from source? If it was source, did you
use> --with-pam when configuring? If that fails you could post the
relevant> lines of your smb.conf file (probably most the global section). What
is> the OS of your password server?
>
> -Sean
>
> Winston Nimchan wrote:
> >
> > hey:
> >
> > got pass that stage. wbinfo & getent returns the values as
expected.
> >
> > However my Windoze client are prompting for username/password and
> > nothing I enter is being accepted. Any ideas?
> >
> > Regards
> >
> > Winston Nimchan
> >
> > -----Original Message-----
> > From: David Brodbeck [mailto:DavidB@mail.interclean.com]
> > Sent: Monday, October 22, 2001 12:59 PM
> > To: Winston Nimchan; Sean Trammell
> > Cc: samba@lists.samba.org
> > Subject: RE: Winbind/RH7.1...More Help
> >
> > I don't think this is a PAM problem. 'getent' relies on
the
nsswitch> > mechanism but I don't think it relies on PAM.
> >
> > -----Original Message-----
> > From: Winston Nimchan [mailto:Winston_Nimchan@trinsys.com]
> > Sent: Friday, October 19, 2001 3:08 PM
> > To: Sean Trammell
> > Cc: samba@lists.samba.org
> > Subject: RE: Winbind/RH7.1...More Help
> >
> > Tried all the suggestions and still can't see my domain
users/groups
> > with getent
> > secret is good and message has nothing abnormal bout PAM
> >
> > Winston
> >
> > -----Original Message-----
> > From: Sean Trammell [mailto:strammell@siumed.edu]
> > Sent: Friday, October 19, 2001 10:54 AM
> > To: Winston Nimchan
> > Cc: samba@lists.samba.org
> > Subject: Re: Winbind/RH7.1...More Help
> >
> > That is most likely a PAM problem, you need to create/modify a file
> at:
> > /etc/pam.d/samba
> >
> > so that authentication will work against your domain (only for the
> > samba service, logging into your linux computer is a different
> > service). Be very careful with PAM, you can lock yourself out of
your> > machine if it is misconfigured. For example, my /etc/pam.d/samba
file> > looks like this:
> >
> > auth required /lib/security/pam_securetty.so
> > auth required /lib/security/pam_nologin.so
> > auth sufficient /lib/security/pam_winbind.so
> > auth required /lib/security/pam_pwdb.so
> use_first_pass
> > shadow nullok
> > account required /lib/security/pam_winbind.so
> > session required /lib/security/pam_pwdb.so
> > password required /lib/security/pam_pwdb.so
> >
> > Check to make sure that PAM is configured correctly for samba here,
> > and then you can check the error log at /var/log/messages for any
> > errors relating to PAM if it still won't work. Also make sure
> > that the pam module pam_winbind.so is in place in /lib/security.
> >
> > Login is a separate module (not samba), you would need to modify
> > another module config to do that.
> >
> > -Sean
> >
> > Winston Nimchan wrote:
> > >
> > > The winbind now works...my getent passwd & groups returns the
domain> > > users/groups
> > >
> > > What should be the next step? my clients (Win2K & Win9x) are
still
> > > prompting for a password and I cannot login to my linux box using
> > > DOMAIN*domainuser.
> > >
> > > Must I add each domain user as a user on the linux box?
> > >
> > > Regards
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
