I posted about a winbind/PAM issue earlier and discovered that the auth
portion of pam_winbind is what was causing my failures. I receive the
following message when trying to authenticate sshd or login with the auth
pam_winbind module:

Jun 3 20:43:04 gonzo pam_winbind[14850]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 3 20:43:04 gonzo pam_winbind[14850]: internal module error (retval = 4, user = `TECHFORTIFY+administrator'
Jun 3 20:43:04 gonzo sshd(pam_unix)[14850]: check pass; user unknown
Jun 3 20:44:56 gonzo sshd(pam_unix)[14850]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=10.143.200.200

In another message on the list I noticed someone said they had tried net -t
and it was successful. I decided to try it and it failed. This may be the
source of my problem:

[root@gonzo bin]# ./wbinfo -u
TECHFORTIFY+administrator
TECHFORTIFY+Guest
TECHFORTIFY+krbtgt
TECHFORTIFY+cmw
[root@gonzo bin]# ./wbinfo -g
TECHFORTIFY+Domain Computers
TECHFORTIFY+Domain Controllers
TECHFORTIFY+Schema Admins
TECHFORTIFY+Enterprise Admins
TECHFORTIFY+Domain Admins
TECHFORTIFY+Domain Users
TECHFORTIFY+Domain Guests
TECHFORTIFY+Group Policy Creator Owners
[root@gonzo bin]# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
Could not check secret
[root@gonzo bin]# /usr/kerberos/bin/kinit administrator@AD.TECHFORTIFY.NET
Password for administrator@AD.TECHFORTIFY.NET:
[root@gonzo bin]# ./net ads join
[2003/06/03 20:51:24, 0] libads/ldap.c:ads_join_realm(1352)
Host account for gonzo already exists - deleting old account
Joined 'GONZO' to realm 'AD.TECHFORTIFY.NET'
[root@gonzo bin]# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
Could not check secret

As you can see, I tried re-joining the domain and it still failed. Does anyone
have any ideas as to what is causing this issue? If I remove auth pointing at
winbind it lets me log in, but it is very unhappy.

Chet Wisniewski
chetw@nospam.zuzax.com