Samba 3.0.2 Red Hat Enterprise Linux ES 3.0 I'm trying to set up winbind and all of the wbinfo commands are failing. I was able to join the domain with this command... root@tux samba# net join -S typhoon -U Administrator Administrator password: [2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC for requested realm Joined domain FOO. ...but all of the wbinfo commands fail.. root@tux samba# wbinfo -u Error looking up domain users root@tux samba# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) Could not check secret root@tux samba# wbinfo -a jdoe%password plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc0000064) error messsage was: No such user Could not authenticate user jdoe%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error messsage was: No logon servers Could not authenticate user jdoe with challenge/response getent passwd and getent group DO work though. I've done this before in the past on Red Hat 9 machines and it worked everytime. Maybe this problem has something to do with the fact that this server is on a different subnet from the domain controllers? Thanks, Chris
Follow up on yesterdays suggestions, the thread was "Kerberos authentication problems" Sounds similar to me. Brett Stevens> From: "Chris Purcell" <redhat@cjp.us> > Date: Thu, 25 Mar 2004 16:55:27 -0500 (EST) > To: <samba@lists.samba.org> > Subject: [Samba] winbindd/Samba3 on RHEL 3.0 > > Samba 3.0.2 > Red Hat Enterprise Linux ES 3.0 > > > I'm trying to set up winbind and all of the wbinfo commands are failing. > I was able to join the domain with this command... > > root@tux samba# net join -S typhoon -U Administrator > Administrator password: > [2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133) > kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC > for requested realm > Joined domain FOO. > > ...but all of the wbinfo commands fail.. > > root@tux samba# wbinfo -u > Error looking up domain users > > root@tux samba# wbinfo -t > checking the trust secret via RPC calls failed > error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) > Could not check secret > > root@tux samba# wbinfo -a jdoe%password > plaintext password authentication failed > error code was NT_STATUS_NO_SUCH_USER (0xc0000064) > error messsage was: No such user > Could not authenticate user jdoe%password with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > error messsage was: No logon servers > Could not authenticate user jdoe with challenge/response > > > getent passwd and getent group DO work though. > > > I've done this before in the past on Red Hat 9 machines and it worked > everytime. Maybe this problem has something to do with the fact that > this server is on a different subnet from the domain controllers? > > > Thanks, > Chris > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
> can you provide your smb.conf and krb5.conf. > I just finished battling to get a RHEL 3 samba box going.smb.conf... [global] workgroup = Maharam server string = Max Samba Server log file = /var/log/samba/%m.log max log size = 50 security = domain password server = * encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 winbind separator = - winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U idmap uid = 10000-20000 idmap gid = 10000-20000 #===Share Definitions ==[tmp] comment = Temp path = /tmp browseable = yes writable = yes I never touched the /etc/krb5.conf file, so its the defaults... [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] EXAMPLE.COM = { kdc = kerberos.example.com:88 admin_server = kerberos.example.com:749 default_domain = example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Thanks, Chris
> Samba 3.0.2 > Red Hat Enterprise Linux ES 3.0 > > > I'm trying to set up winbind and all of the wbinfo commands are failing. > I was able to join the domain with this command... > > root@tux samba# net join -S typhoon -U Administrator > Administrator password: > [2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133) > kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC > for requested realm > Joined domain FOO. > > ...but all of the wbinfo commands fail.. > > root@tux samba# wbinfo -u > Error looking up domain users > > root@tux samba# wbinfo -t > checking the trust secret via RPC calls failed > error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) > Could not check secret > > root@tux samba# wbinfo -a jdoe%password > plaintext password authentication failed > error code was NT_STATUS_NO_SUCH_USER (0xc0000064) > error messsage was: No such user > Could not authenticate user jdoe%password with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > error messsage was: No logon servers > Could not authenticate user jdoe with challenge/response > > > getent passwd and getent group DO work though. > > > I've done this before in the past on Red Hat 9 machines and it worked > everytime. Maybe this problem has something to do with the fact that > this server is on a different subnet from the domain controllers? > > > Thanks, > ChrisI fixed this problem by running this command... net rpc join -U Administrator Before that, I was using "net join -S PDC -U Administrator", which seemed to work, but didn't. Can someone please tell me why this worked to begin with? I'm not sure what the difference is. Thanks, Chris
Maybe Matching Threads
- net ads testjoin failed but net rpc testjoin work
- default backend = rid not showing full group information for users
- default backend = rid not showing full group information for users
- dovecot 2.2.0 corrupts mailboxes?
- quota-related crash for doveadm dsync operation