Ingmar Koecher
2002-Jun-07 07:48 UTC
[Samba] winbindd + wbinfo -> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
I still can't get winbindd working properly even though I am making some progress here. I retrieved the latest CVS version last night and now I can finally use non-anonymous connections - that works very well. I *did* update both of the pam modules in /lib and /lib/security winbindd runs under the account of a regular domain user "wbinfo -u" shows me all users and "getent passwd" shows me unix & nt users as well. Needless to say that I was thrilled to see that. Authentication however still does not work. I am currently trying to run "wbinfo -a testuser1%testuser1" which always returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO - and I don't know what that means. I tried to execute "querydominfo" with the rpcclient (running it under the same account that winbindd uses) which did not result in an error message - I got the # of accounts, groups and such - I don't know if that's the same thing though. I tried "wbinfo -a MYDOMAIN+testuser1%testuser1" when I had set the winbindd separator to "+" which makes no difference at all. "wbinfo -t" returns "checking the trust secret via RPC calls succeeded. Oddly enough there is no network traffic as I am typing this command - this must be since winbindd caches that information. There is also no network traffic as I am typing "wbinfo -a ..." which suprises me a little bit - does winbindd cache all domain information? I was under the impression that only the administrator is able to obtain password hashes - so if winbindd does not communicate with the domain controller as I am typing "wbinfo -a testuser..." then it must have obtained the hash earlier? I am little bit confused - again. In detail, wbinfo says: ------------------------ plaintext password authentication failed error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) Could not authenticate user testuser1%testuser1 with plaintext password challenge/response password authentication failed error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) Could not authenticate user testuser1%testuser1 with challenge/response winbindd says: ------------------------ [..] pam auth: testuser1 winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN Plain-text authentiation for user testuser1 returned NT_STATUS_CANT_ACCESS_DOMAIN_INFO [..] request misc info [..] request domain name [..] pam auth crap domain: MYDOMAIN user: testuser1 winbindd_pam_auth: could not fetch trust account password for domain MYDOMAIN NTLM CRAP authentiation for user [MYDOMAIN]\[testuser1\ returned NT_STATUS_CANT_ACCESS_DOMAIN_INFO Thanks a lot for any help, Ingmar.
Apparently Analagous Threads
- Can't get NTLM authentication working with Samba
- samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO
- Winbind AIX
- ntlm_auth, samba PDC
- NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Wisdom of the Ancients
