Doug Sampson
2006-Sep-06 16:00 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
Hi folks, Can anyone shed light on this issue? I haven't heard from you guys. Is there anything else I could do to expedite resolution of this issue? I've read the WHATSNEW.txt and reviewed the release notes. I am not sure if I've fully grasped what needs to be done. Can someone point me in the right direction? ~Doug -----Original Message----- From: Doug Sampson [mailto:dougs@dawnsign.com] Sent: Tuesday, September 05, 2006 09:59 PM To: 'samba@lists.samba.org' Subject: [Samba] authenticating using winbindd against NT4 domain fails Since version 3.0.23b, I have been having trouble getting Windows & OSX users to access an NT domain member server running FreeBSD 5.4. It is now at 3.0.23c (installed this morning the 5th). root@aries:/usr/local/lib# net rpc user Password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_NO_LOGON_SERVERS root@aries:/usr/local/lib# net rpc user Password: Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_NO_LOGON_SERVERS root@aries:/usr/local/lib# net rpc testjoin -U root Join to 'DSP' is OK root@aries:/usr/local/lib# net rpc info Password: Domain Name: DSP Domain SID: S-1-5-21-2008768363-1786319642-1659389152 Sequence number: 16744 Num users: 116 Num domain groups: 16 Num local groups: 1 root@aries:/usr/local/lib# net rpc testjoin Join to 'DSP' is OK root@aries:/usr/local/lib# wbinfo -u >>> works OK root@aries:/usr/local/lib# wbinfo -g >>> works OK root@aries:/usr/local/lib# tail -n 25 /var/log/samba/log.wb-DSP cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2006/09/05 20:07:07, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 [2006/09/05 20:08:22, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2006/09/05 20:23:42, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 [2006/09/05 20:25:00, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:child_read_request(49) Got invalid request length: 0 [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564) write_data: write failure. Error = Broken pipe [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Could not write result [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL [2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564) write_data: write failure. Error = Broken pipe [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Could not write result [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL root@aries:/usr/local/lib# tail -n 25 /var/log/messages Sep 5 20:25:00 aries winbindd[640]: [2006/09/05 20:25:00, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Sep 5 20:25:00 aries winbindd[640]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Sep 5 20:25:11 aries apcupsd[557]: apcupsd 3.12.3 (26 April 2006) freebsd startup succeeded Sep 5 21:00:06 aries nmbd[627]: [2006/09/05 21:00:06, 0] nmbd/nmbd.c:terminate(58) Sep 5 21:00:06 aries nmbd[627]: Got SIGTERM: going down... Sep 5 21:00:06 aries winbindd[640]: [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:child_read_request(49) Sep 5 21:00:06 aries winbindd[640]: Got invalid request length: 0 Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Sep 5 21:00:06 aries winbindd[862]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Sep 5 21:00:06 aries nmbd[847]: [2006/09/05 21:00:06, 0] nmbd/nmbd.c:terminate(58) Sep 5 21:00:06 aries nmbd[847]: Got SIGTERM: going down... Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564) Sep 5 21:00:06 aries winbindd[862]: write_data: write failure. Error Broken pipe Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Sep 5 21:00:06 aries winbindd[862]: Could not write result Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Sep 5 21:00:06 aries winbindd[921]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL Sep 5 21:00:06 aries nmbd[906]: [2006/09/05 21:00:06, 0] nmbd/nmbd.c:terminate(58) Sep 5 21:00:06 aries nmbd[906]: Got SIGTERM: going down... Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564) Sep 5 21:00:06 aries winbindd[921]: write_data: write failure. Error Broken pipe Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825) Sep 5 21:00:06 aries winbindd[921]: Could not write result Sep 5 21:00:06 aries winbindd[979]: [2006/09/05 21:00:06, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265) Sep 5 21:00:06 aries winbindd[979]: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL root@aries:/usr/local/lib# vi /etc/nsswitch.conf passwd: files winbind passwd_compat: nis group: files winbind group_compat: nis hosts: files dns winbind networks: files shells: files root@aries:/usr/local/lib# ll *win* lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so -> ./nss_winbind.so.1 lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so.1 -> ./nss_winbind.so.1 lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so.2 -> ./nss_winbind.so.1 lrwxr-xr-x 1 root wheel 15 Sep 5 09:25 libnss_wins.so -> ./nss_wins.so.1 lrwxr-xr-x 1 root wheel 15 Sep 5 09:26 libnss_wins.so.1 -> ./nss_wins.so.1 lrwxr-xr-x 1 root wheel 15 Sep 5 09:26 libnss_wins.so.2 -> ./nss_wins.so.1 -r-xr-xr-x 1 root wheel 16696 Jul 14 14:29 nss_winbind.ol1 lrwxr-xr-x 1 root wheel 18 Sep 5 09:30 nss_winbind.so -> ./nss_winbind.so.1 -r-xr-xr-x 1 root wheel 18232 Sep 5 09:13 nss_winbind.so.1 lrwxr-xr-x 1 root wheel 18 Sep 5 09:30 nss_winbind.so.2 -> ./nss_winbind.so.1 -r-xr-xr-x 1 root wheel 18232 Aug 28 18:23 nss_winbind.so.ol2 -rwxr-xr-x 1 root wheel 23057 Sep 15 2005 nss_winbind.so.old lrwxr-xr-x 1 root wheel 15 Sep 5 09:31 nss_wins.so -> ./nss_wins.so.1 -r-xr-xr-x 1 root wheel 745440 Sep 5 09:13 nss_wins.so.1 lrwxr-xr-x 1 root wheel 15 Sep 5 09:31 nss_wins.so.2 -> ./nss_wins.so.1 -r-xr-xr-x 1 root wheel 745184 Aug 28 20:26 nss_wins.so.bkup -r-xr-xr-x 1 root wheel 744448 Jul 14 14:31 nss_wins.so.ol1 -rwxr-xr-x 1 root wheel 813451 Sep 15 2005 nss_wins.so.old -r-xr-xr-x 1 root wheel 33416 Sep 5 09:13 pam_winbind.so When a Windows attempts to connect to Aries using Windows Explorer and browsing through the Network Neighborhood, the user receives the following message: \\ARIES is not accessible. There are currently no logon servers available to service the logon request. root@aries:/usr/local/lib# testparm -s Load smb config files from /usr/local/etc/smb.conf Processing section "[homes]" Processing section "[macdata]" Processing section "[backup]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER [global] workgroup = DSP server string = Samba %v security = DOMAIN password server = altair gemini log file = /var/log/samba/log.%m max log size = 50 smb ports = 139 max xmit = 65535 deadtime = 15 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=4096 SO_SNDBUF=4096 os level = 33 local master = No dns proxy = No wins server = 192.168.1.1 idmap uid = 15000-20000 idmap gid = 15000-20000 template homedir = /usr/home/%D/%U template shell = /bin/bash winbind separator = - winbind enum users = Yes winbind enum groups = Yes hosts allow = 192.168.1., 192.168.2., 127., 10.8.0. [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [macdata] comment = Production Data path = /data valid users = DSP-alfredo, DSP-matte, DSP-michaelm, DSP-becky, DSP-marlah, DSP-doug, @production force group = @DSP-production read only = No create mask = 0770 force create mode = 0660 directory mask = 0770 force directory mode = 02770 guest ok = Yes hide files /_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/.DS_Store/ vfs objects = netatalk [backup] comment = backup volume path = /backup valid users = "@DSP-domain admins", DSP-doug read only = No create mask = 0774 directory mask = 0774 force directory mode = 0774 I understand that the winbind behavior has changed in 3.0.23x (or 3.0.22?) but it was my impression that nothing had changed in the way a Samba member server authenticates against a NT4 PDC using winbindd. What might I be doing wrong here? ~Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Doug Sampson
2006-Sep-06 23:35 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
> > Can anyone shed light on this issue? I haven't heard > > from you guys. Is there anything else I could do to > > expedite resolution of this issue? I've read the > > WHATSNEW.txt and reviewed the release notes. I > > am not sure if I've fully grasped what needs > > to be done. Can someone point me in the right > > direction? > > Is this an NT 4.0 or a mixed mode AD domain? Is the DC running > NT 4.0 SP6 ? > > If there is a bug here, it is neither a known issue or > intended behaviorThis is a pure NT 4.0 domain. Yes, all DCs are running NT 4.0 SP6. ~Doug
Doug Sampson
2006-Sep-07 20:24 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
> > > Can anyone shed light on this issue? I haven't heard > > > from you guys. Is there anything else I could do to > > > expedite resolution of this issue? I've read the > > > WHATSNEW.txt and reviewed the release notes. I > > > am not sure if I've fully grasped what needs > > > to be done. Can someone point me in the right > > > direction? > > > > Is this an NT 4.0 or a mixed mode AD domain? Is the DC running > > NT 4.0 SP6 ? > > > > If there is a bug here, it is neither a known issue or > > intended behavior > > This is a pure NT 4.0 domain. Yes, all DCs are running NT 4.0 SP6. >So how do I go about fixing this or filing a bug report? I could use some assistance either way. ~Doug
Felipe Augusto van de Wiel
2006-Sep-18 14:16 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2006 01:00 PM, Doug Sampson escreveu:> Hi folks, > > Can anyone shed light on this issue? I haven't heard from you guys. Is there > anything else I could do to expedite resolution of this issue? I've read the > WHATSNEW.txt and reviewed the release notes. I am not sure if I've fully > grasped what needs to be done. Can someone point me in the right direction?It is just a guess, but if you try to increase the SO_SNDBUF and SO_RCVBUF for something like 8192 does it solve the problem?> ~DougKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFDqPzCj65ZxU4gPQRAo7NAJ99Y7gTuD01Mpr3SxW7QnCoJD6ZeQCgohXU uYWPEpQWcZU0U+iMatHKZLw=3Qew -----END PGP SIGNATURE-----