samba - Jan 2006 - wbinfo-t fails but other wbinfo items works

Hi,
i've migrated a debian box into ads, most people can work as they should,
some users eg which are not part of the domain can not authenticate
themself, the log says NT_STATUS_INVALID_COMPUTER_NAME .
After reading all the howtos i noticed that wbinfo -t doesn work, the output
is:
#wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INVALID_COMPUTER_NAME (0xc0000122)
Could not check secret

I assume that this might be the problem, i was able to join the samba box
fine, net getlocalsid works, kinit and klist also and i dont know why my
setup doesnt work.
My current debian versions are:
ii  krb5-config    1.7            Configuration files for Kerberos Version 5
ii  krb5-user      1.3.6-5        Basic programs to authenticate using MIT
Ker
ii  libkadm55      1.3.6-5        MIT Kerberos administration runtime
librarie
ii  libkrb53       1.3.6-5        MIT Kerberos runtime libraries
ii  libldap2       2.1.30-3       OpenLDAP libraries
ii  samba          3.0.20b-2+b1   a LanManager-like file and printer server
fo
ii  samba-common   3.0.20b-2+b1   Samba common files used by both the server
a
ii  winbind        3.0.20b-2+b1   service to resolve user and group
informatio

My krb5.conf

[realms]
MYDOMAIN.COM = {
         kdc = MYDOMAIN.COM
        admin_server = MYDOMAIN.COM
}

My smb.conf

[global]
    unix charset = ISO8859-15
    workgroup = INTERN
    realm = MYDOMAIN.COM
    security = ADS
    map to guest = Bad User
    password server = n.n.n.n
    passdb backend = smbpasswd, guest
    log level = 2
    log file = /var/log/samba/log.%U
    wins server = n.n.n.n
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = Yes


Log of a problem user

[2005/12/15 09:22:41, 1] smbd/service.c:make_connection_snum(662)
  10.0.3.21 (10.0.3.21) connect to service negofares initially as user test3
(uid=1164, gid=200) (pid 25439)
[2005/12/15 09:22:41, 2] smbd/open.c:open_file(372)
  test3 opened file filesfile.zip read=Yes write=No (numopen=1)

==>> worked fine until here:

[2005/12/28 10:46:05, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [test3] -> [test3] FAILED
with error NT_STATUS_INVALID_COMPUTER_NAME
[2005/12/28 10:46:05, 2] auth/auth.c:check_ntlm_password(317)



Anybody can help ?

many thx

Matt.

I guess i found it,
i had to restart winbindd, since then all it works as it should



-------------------------------------------------------------------

Hi,
i've migrated a debian box into ads, most people can work as they should,
some users eg which are not part of the domain can not authenticate
themself, the log says NT_STATUS_INVALID_COMPUTER_NAME .
After reading all the howtos i noticed that wbinfo -t doesn work, the output
is:
#wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INVALID_COMPUTER_NAME (0xc0000122)
Could not check secret

I assume that this might be the problem, i was able to join the samba box
fine, net getlocalsid works, kinit and klist also and i dont know why my
setup doesnt work.
My current debian versions are:
ii  krb5-config    1.7            Configuration files for Kerberos Version 5
ii  krb5-user      1.3.6-5        Basic programs to authenticate using MIT
Ker
ii  libkadm55      1.3.6-5        MIT Kerberos administration runtime
librarie
ii  libkrb53       1.3.6-5        MIT Kerberos runtime libraries
ii  libldap2       2.1.30-3       OpenLDAP libraries
ii  samba          3.0.20b-2+b1   a LanManager-like file and printer server
fo
ii  samba-common   3.0.20b-2+b1   Samba common files used by both the server
a
ii  winbind        3.0.20b-2+b1   service to resolve user and group
informatio

My krb5.conf

[realms]
MYDOMAIN.COM = {
         kdc = MYDOMAIN.COM
        admin_server = MYDOMAIN.COM
}

My smb.conf

[global]
    unix charset = ISO8859-15
    workgroup = INTERN
    realm = MYDOMAIN.COM
    security = ADS
    map to guest = Bad User
    password server = n.n.n.n
    passdb backend = smbpasswd, guest
    log level = 2
    log file = /var/log/samba/log.%U
    wins server = n.n.n.n
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = Yes


Log of a problem user

[2005/12/15 09:22:41, 1] smbd/service.c:make_connection_snum(662)
  10.0.3.21 (10.0.3.21) connect to service negofares initially as user test3
(uid=1164, gid=200) (pid 25439)
[2005/12/15 09:22:41, 2] smbd/open.c:open_file(372)
  test3 opened file filesfile.zip read=Yes write=No (numopen=1)

==>> worked fine until here:

[2005/12/28 10:46:05, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [test3] -> [test3] FAILED
with error NT_STATUS_INVALID_COMPUTER_NAME
[2005/12/28 10:46:05, 2] auth/auth.c:check_ntlm_password(317)



Anybody can help ?

many thx

Matt.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba