Okay, I'm having some weird Winbind issues. Here's my plea below:
Okay, here's my setup:
SLES9 | Samba Version 3.0.4 | Winbind | W2K3-SP1 Active Directory Domain
I have Kerberos configured properly, I can successfully run this command:
# kinit domainuser
domainuser@TESTDOMAIN.ORG's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
and successfully joined the domain:
# net ads join -U administrator
and here's my smb.conf:
----------------------------------------------------------------------
[global]
workgroup = TESTDOMAIN
server string = Test File Server
encrypt passwords = yes
netbios name = sambatest
realm = TESTDOMAIN.ORG
security = ADS
password server = server.testdomain.org
### WINBIND CONFIG ###
client schannel = no
template shell = /bin/bash
template homedir = /domainusers/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 5
winbind use default domain = yes
### END WINBIND CONFIG ###
veto files = /.*/
veto oplock files = /*.doc/*.xls/*.mdb/
interfaces = 192.168.110.182/24
allow hosts = 192.168.100. 192.168.110. 192.168.1.
[homes]
comment = Home Directories
browseable = No
read only = No
[data1]
comment = Test Data 1
path = /company/data1
valid users = @domaingroup1
browseable = no
public = no
[data2]
comment = Test Data 2
path = /company/data2
valid users = @domaingroup2
browseable = no
public = no
------------------------------------------------------------------
And this is what is going on:
When I start Winbind and Samba, everything seems to be working fine, judging by
the following commands and results:
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -a domainuser%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
# smbclient //localhost/data1 -U domainuser
Password:
Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE]
smb: \>
# wbinfo -u
domainuser1
domainuser2
domianuser3
# wbinfo -g
domaingroup1
domaingroup2
domaingroup3
# getent passwd
domainuser:x:10023:10001:Domain User:/domainusers/domainuser:/bin/bash
# getent group
domaingroup1:x:10033:domainuser1,domainuser2
# chgrp domaingroup1 data1
Then, about five minutes later, everything starts to fail:
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)
Could not check secret
# wbinfo -a domainuser%password
plaintext password authentication failed
error code was NT_STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)
error messsage was: NT_STATUS_MORE_PROCESSING_REQUIRED
Could not authenticate user golden%ali0197 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: winbind client not authorized to use winbindd_pam_auth_crap.
Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.Could
not authenticate user golden with challenge/response
# smbclient //localhost/data1 -U domainuser
session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
did you forget to run kinit?
Strangely, when I run kinit, everything returns fine and I'm able to get a
ticket.
But the following commands still run successfully:
# wbinfo -u
domainuser1
domainuser2
domainuser3
# wbinfo -g
domaingroup1
domaingroup2
domaingroup3
Then when I restart winbind, everything works again, then five minutes later,
nothing!
Something weird is going on with Winbind or I'm probably missing something.
It took me two weeks of reading documentation, Google searches, and man pages to
get this current configuration going and I'm about drained on this issue.
Any help would be greatly appreciated. Thanks in advance.
- Delamatrix
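
Added example, not part of the original post: a small shell helper for pinning down when the trust check described above flips from success to failure after winbindd is restarted, so the timestamp can be compared with the winbindd log. The function names and the script name `trustwatch.sh` are made up for this example; the sample strings are the `wbinfo -t` outputs quoted in the post.

```shell
#!/bin/sh
# Added diagnostic helper (not from the original post).
# Constructed samples: the two `wbinfo -t` outputs quoted in the post.
SAMPLE_OK='checking the trust secret via RPC calls succeeded'
SAMPLE_FAIL='checking the trust secret via RPC calls failed
error code was NT_STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)
Could not check secret'

# classify_trust: read `wbinfo -t` output on stdin; print "ok" or
# "fail:<NT_STATUS name>" ("fail:unknown" when no status name is present).
classify_trust() {
    out=$(cat)
    case $out in
        *"RPC calls succeeded"*) echo ok; return 0 ;;
    esac
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*error code was \(NT_STATUS_[A-Z_]*\).*/\1/p' | head -n 1)
    echo "fail:${code:-unknown}"
}

# watch_trust [INTERVAL]: poll `wbinfo -t` every INTERVAL seconds and print
# one timestamped line per state change, with seconds elapsed since start.
watch_trust() {
    interval=${1:-10}
    start=$(date +%s)
    last=""
    while :; do
        state=$(wbinfo -t 2>&1 | classify_trust)
        if [ "$state" != "$last" ]; then
            now=$(date +%s)
            printf '%s +%ss trust=%s\n' "$(date '+%F %T')" "$((now - start))" "$state"
            last=$state
        fi
        sleep "$interval"
    done
}

# Run the poller only when asked to (hypothetical name): sh trustwatch.sh watch 10
if [ "${1:-}" = "watch" ]; then
    watch_trust "${2:-10}"
fi
```

Start it immediately after restarting winbind; the `+Ns` value on the first `fail:` line is the time from start to failure.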