samba - Mar 2004 - winbindd/Samba3 on RHEL 3.0

Samba 3.0.2
Red Hat Enterprise Linux ES 3.0


I'm trying to set up winbind and all of the wbinfo commands are failing. 
I was able to join the domain with this command...

root@tux samba# net join -S typhoon -U Administrator
Administrator password:
[2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC
for requested realm
Joined domain FOO.

...but all of the wbinfo commands fail..

root@tux samba# wbinfo -u
Error looking up domain users

root@tux samba# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret

root@tux samba# wbinfo -a jdoe%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user jdoe%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user jdoe with challenge/response


getent passwd and getent group DO work though.


I've done this before in the past on Red Hat 9 machines and it worked
everytime.   Maybe this problem has something to do with the fact that
this server is on a different subnet from the domain controllers?


Thanks,
Chris

Follow up on yesterdays suggestions, the thread was "Kerberos
authentication
problems" Sounds similar to me.

Brett Stevens
> From: "Chris Purcell" <redhat@cjp.us>
> Date: Thu, 25 Mar 2004 16:55:27 -0500 (EST)
> To: <samba@lists.samba.org>
> Subject: [Samba] winbindd/Samba3 on RHEL 3.0
> 
> Samba 3.0.2
> Red Hat Enterprise Linux ES 3.0
> 
> 
> I'm trying to set up winbind and all of the wbinfo commands are
failing.
> I was able to join the domain with this command...
> 
> root@tux samba# net join -S typhoon -U Administrator
> Administrator password:
> [2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133)
> kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC
> for requested realm
> Joined domain FOO.
> 
> ...but all of the wbinfo commands fail..
> 
> root@tux samba# wbinfo -u
> Error looking up domain users
> 
> root@tux samba# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
> Could not check secret
> 
> root@tux samba# wbinfo -a jdoe%password
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user jdoe%password with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error messsage was: No logon servers
> Could not authenticate user jdoe with challenge/response
> 
> 
> getent passwd and getent group DO work though.
> 
> 
> I've done this before in the past on Red Hat 9 machines and it worked
> everytime.   Maybe this problem has something to do with the fact that
> this server is on a different subnet from the domain controllers?
> 
> 
> Thanks,
> Chris
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

> can you provide your smb.conf and krb5.conf.
> I just finished battling to get a RHEL 3 samba box going.
smb.conf...

[global]
   workgroup = Maharam
   server string = Max Samba Server
   log file = /var/log/samba/%m.log
   max log size = 50
   security = domain
   password server = *
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   winbind separator = -
   winbind cache time = 10
   template shell = /bin/bash
   template homedir = /home/%D/%U
   idmap uid = 10000-20000
   idmap gid = 10000-20000

#===Share Definitions ==[tmp]
    comment = Temp
    path = /tmp
    browseable = yes
    writable = yes


I never touched the /etc/krb5.conf file, so its the defaults...

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }




Thanks,
Chris

> Samba 3.0.2
> Red Hat Enterprise Linux ES 3.0
>
>
> I'm trying to set up winbind and all of the wbinfo commands are
failing.
>  I was able to join the domain with this command...
>
> root@tux samba# net join -S typhoon -U Administrator
> Administrator password:
> [2004/03/25 16:53:46, 0] libads/kerberos.c:ads_kinit_password(133)
>   kerberos_kinit_password Administrator@foo.org failed: Cannot find KDC
> for requested realm
> Joined domain FOO.
>
> ...but all of the wbinfo commands fail..
>
> root@tux samba# wbinfo -u
> Error looking up domain users
>
> root@tux samba# wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
> Could not check secret
>
> root@tux samba# wbinfo -a jdoe%password
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user jdoe%password with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error messsage was: No logon servers
> Could not authenticate user jdoe with challenge/response
>
>
> getent passwd and getent group DO work though.
>
>
> I've done this before in the past on Red Hat 9 machines and it worked
> everytime.   Maybe this problem has something to do with the fact that
> this server is on a different subnet from the domain controllers?
>
>
> Thanks,
> Chris

I fixed this problem by running this command...

net rpc join -U Administrator

Before that, I was using "net join -S PDC -U Administrator", which
seemed
to work, but didn't.

Can someone please tell me why this worked to begin with?  I'm not sure
what the difference is.

Thanks,
Chris