samba - Jan 2006 - ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)

I'm exeperiencing a strange ntlm_auth problem:
I'm running two domain with a trust; the trusting one,
(EUFEMIA with the PDC Beatrice) uses the WINS facility of
the trusted one (LETTERE, PDC Alice).

Users of EUFEMIA and LETTERE alike have a successful logon to
Beatrice.

LETTERE users do authenticate in Beatrice with ntlm_auth.
EUFEMIA users do not:
beatrice:/home# ntlm_auth --username user1 --password ****** --domain
EUFEMIA
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

(by the way wbinfo -a returns something similar):
beatrice:/home# wbinfo -aEUFEMIA\\user1%******
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with challenge/response

Please note EUFEMIA\\user1 has login throught command:
smbclient -UEUFEMIA\\user1%****** -L beatrice.

 From Beatrice (and from Alice alike), I can correctly list the Browse
master
and PDC of EUFEMIA with nmblookup. nmblookup -S EUFEMIA returns
bearice with the <1C> tag (and <1D> as well).

I have no idea what "No logon servers" means. The logs from winbindd
are:

[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29121]: request interface version
[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29121]: request location of privileged pipe
[2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_info(248)
   [29121]: request misc info
[2006/01/29 10:56:23, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179)
   [29121]: pam auth EUFEMIA\user1
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:43, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:43, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
   Plain-text authentication for user EUFEMIA\user1 returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 4)
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29122]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29123]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29122]: request location of privileged pipe
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29123]: request location of privileged pipe
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1

What does
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
mean?

Alice is a Fedora Core 1 Samba3.0.21a server.
Beatrice is a Debian GNU/Linux Samba3.0.14a server.

I need ntlm_auth because squid runs on beatrice.
beatrice:/home$ testparm -v | grep win
	name resolve order = wins lmhosts host bcast
         max wins ttl = 518400
         min wins ttl = 21600
         wins proxy = No
         wins server = (IP address of alice)
         wins support = No
         wins hook          wins partners          winbind separator = \
         winbind cache time = 300
         winbind enable local accounts = No
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = No
         winbind trusted domains only = No
         winbind nested groups = No

I have level 10 log from winbindd and from smbd but they are huge.
If you need them, just ask.

Thank to everyone patient enought to read this post,

Again, thank you,

Francesco

I'm exeperiencing a strange ntlm_auth problem:
I'm running two domain with a trust; the trusting one,
(EUFEMIA with the PDC Beatrice) uses the WINS facility of
the trusted one (LETTERE, PDC Alice).

Users of EUFEMIA and LETTERE alike have a successful logon to
Beatrice.

LETTERE users do authenticate in Beatrice with ntlm_auth.
EUFEMIA users do not:
beatrice:/home# ntlm_auth --username user1 --password ****** --domain
EUFEMIA
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

(by the way wbinfo -a returns something similar):
beatrice:/home# wbinfo -aEUFEMIA\\user1%******
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user EUFEMIA\\user1%****** with challenge/response

Please note EUFEMIA\\user1 has login throught command:
smbclient -UEUFEMIA\\user1%****** -L beatrice.

 From Beatrice (and from Alice alike), I can correctly list the Browse
master
and PDC of EUFEMIA with nmblookup. nmblookup -S EUFEMIA returns
bearice with the <1C> tag (and <1D> as well).

I have no idea what "No logon servers" means. The logs from winbindd
are:

[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29121]: request interface version
[2006/01/29 10:56:23, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29121]: request location of privileged pipe
[2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_info(248)
   [29121]: request misc info
[2006/01/29 10:56:23, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179)
   [29121]: pam auth EUFEMIA\user1
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:connection_ok(724)
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
[2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
   cm_get_ipc_userpass: No auth-user defined
[2006/01/29 10:56:43, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2006/01/29 10:56:43, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
   Plain-text authentication for user EUFEMIA\user1 returned
NT_STATUS_NO_LOGON_SERVERS (PAM: 4)
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29122]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [29123]: request interface version
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29122]: request location of privileged pipe
[2006/01/29 10:56:43, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [29123]: request location of privileged pipe
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29123]: getpwnam user1
[2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
   [29122]: getpwnam user1

What does
   Connection to  for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or
was never started (fd == -1)
mean?

Alice is a Fedora Core 1 Samba3.0.21a server.
Beatrice is a Debian GNU/Linux Samba3.0.14a server.

I need ntlm_auth because squid runs on beatrice.
beatrice:/home$ testparm -v | grep win
	name resolve order = wins lmhosts host bcast
         max wins ttl = 518400
         min wins ttl = 21600
         wins proxy = No
         wins server = (IP address of alice)
         wins support = No
         wins hook          wins partners          winbind separator = \
         winbind cache time = 300
         winbind enable local accounts = No
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = No
         winbind trusted domains only = No
         winbind nested groups = No

I have level 10 log from winbindd and from smbd but they are huge.
If you need them, just ask.

Thank to everyone patient enought to read this post,

Again, thank you,

Francesco

On Sun, 2006-01-29 at 17:45 +0100, Francesco Malvezzi
wrote:
> I'm exeperiencing a strange ntlm_auth problem:
> I'm running two domain with a trust; the trusting one,
> (EUFEMIA with the PDC Beatrice) uses the WINS facility of
> the trusted one (LETTERE, PDC Alice).
> 
> Users of EUFEMIA and LETTERE alike have a successful logon to
> Beatrice.
> 
> LETTERE users do authenticate in Beatrice with ntlm_auth.
> EUFEMIA users do not:
> beatrice:/home# ntlm_auth --username user1 --password ****** --domain
> EUFEMIA
> NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
This is your problem:
> [2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>    cli_pipe: return critical error. Error was Call timed out: server did
> not respond after 10000 milliseconds
For some reason, your server is not responding.  perhaps samba3 is
locked up talking to a backing LDAP server?  What do the logs on the
server show?  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20060131/3c4a197f/attachment.bin