Doug Sampson
2006-Sep-06 16:00 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
Hi folks,
Can anyone shed light on this issue? I haven't heard from you guys. Is there
anything else I could do to expedite resolution of this issue? I've read the
WHATSNEW.txt and reviewed the release notes. I am not sure if I've fully
grasped what needs to be done. Can someone point me in the right direction?
~Doug
-----Original Message-----
From: Doug Sampson [mailto:dougs@dawnsign.com]
Sent: Tuesday, September 05, 2006 09:59 PM
To: 'samba@lists.samba.org'
Subject: [Samba] authenticating using winbindd against NT4 domain fails
Since version 3.0.23b, I have been having trouble getting Windows & OSX
users to access an NT domain member server running FreeBSD 5.4. It is now at
3.0.23c (installed this morning the 5th).
root@aries:/usr/local/lib# net rpc user
Password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_NO_LOGON_SERVERS
root@aries:/usr/local/lib# net rpc user
Password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_NO_LOGON_SERVERS
root@aries:/usr/local/lib# net rpc testjoin -U root
Join to 'DSP' is OK
root@aries:/usr/local/lib# net rpc info
Password:
Domain Name: DSP
Domain SID: S-1-5-21-2008768363-1786319642-1659389152
Sequence number: 16744
Num users: 116
Num domain groups: 16
Num local groups: 1
root@aries:/usr/local/lib# net rpc testjoin
Join to 'DSP' is OK
root@aries:/usr/local/lib# wbinfo -u >>> works OK
root@aries:/usr/local/lib# wbinfo -g >>> works OK
root@aries:/usr/local/lib# tail -n 25 /var/log/samba/log.wb-DSP
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
[2006/09/05 20:07:07, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/09/05 20:08:22, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
[2006/09/05 20:23:42, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/09/05 20:25:00, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
[2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
[2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564)
write_data: write failure. Error = Broken pipe
[2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825)
Could not write result
[2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
[2006/09/05 21:00:06, 0] lib/util_sock.c:write_data(564)
write_data: write failure. Error = Broken pipe
[2006/09/05 21:00:06, 0] nsswitch/winbindd_dual.c:fork_domain_child(825)
Could not write result
[2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe \lsarpc failed with error
NT_STATUS_BUFFER_TOO_SMALL
root@aries:/usr/local/lib# tail -n 25 /var/log/messages
Sep 5 20:25:00 aries winbindd[640]: [2006/09/05 20:25:00, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
Sep 5 20:25:00 aries winbindd[640]: cli_rpc_pipe_open_noauth:
rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL
Sep 5 20:25:11 aries apcupsd[557]: apcupsd 3.12.3 (26 April 2006) freebsd
startup succeeded
Sep 5 21:00:06 aries nmbd[627]: [2006/09/05 21:00:06, 0]
nmbd/nmbd.c:terminate(58)
Sep 5 21:00:06 aries nmbd[627]: Got SIGTERM: going down...
Sep 5 21:00:06 aries winbindd[640]: [2006/09/05 21:00:06, 0]
nsswitch/winbindd_dual.c:child_read_request(49)
Sep 5 21:00:06 aries winbindd[640]: Got invalid request length: 0
Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
Sep 5 21:00:06 aries winbindd[862]: cli_rpc_pipe_open_noauth:
rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL
Sep 5 21:00:06 aries nmbd[847]: [2006/09/05 21:00:06, 0]
nmbd/nmbd.c:terminate(58)
Sep 5 21:00:06 aries nmbd[847]: Got SIGTERM: going down...
Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0]
lib/util_sock.c:write_data(564)
Sep 5 21:00:06 aries winbindd[862]: write_data: write failure. Error Broken
pipe
Sep 5 21:00:06 aries winbindd[862]: [2006/09/05 21:00:06, 0]
nsswitch/winbindd_dual.c:fork_domain_child(825)
Sep 5 21:00:06 aries winbindd[862]: Could not write result
Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
Sep 5 21:00:06 aries winbindd[921]: cli_rpc_pipe_open_noauth:
rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL
Sep 5 21:00:06 aries nmbd[906]: [2006/09/05 21:00:06, 0]
nmbd/nmbd.c:terminate(58)
Sep 5 21:00:06 aries nmbd[906]: Got SIGTERM: going down...
Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0]
lib/util_sock.c:write_data(564)
Sep 5 21:00:06 aries winbindd[921]: write_data: write failure. Error Broken
pipe
Sep 5 21:00:06 aries winbindd[921]: [2006/09/05 21:00:06, 0]
nsswitch/winbindd_dual.c:fork_domain_child(825)
Sep 5 21:00:06 aries winbindd[921]: Could not write result
Sep 5 21:00:06 aries winbindd[979]: [2006/09/05 21:00:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2265)
Sep 5 21:00:06 aries winbindd[979]: cli_rpc_pipe_open_noauth:
rpc_pipe_bind for pipe \lsarpc failed with error NT_STATUS_BUFFER_TOO_SMALL
root@aries:/usr/local/lib# vi /etc/nsswitch.conf
passwd: files winbind
passwd_compat: nis
group: files winbind
group_compat: nis
hosts: files dns winbind
networks: files
shells: files
root@aries:/usr/local/lib# ll *win*
lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so ->
./nss_winbind.so.1
lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so.1 ->
./nss_winbind.so.1
lrwxr-xr-x 1 root wheel 18 Sep 5 09:28 libnss_winbind.so.2 ->
./nss_winbind.so.1
lrwxr-xr-x 1 root wheel 15 Sep 5 09:25 libnss_wins.so ->
./nss_wins.so.1
lrwxr-xr-x 1 root wheel 15 Sep 5 09:26 libnss_wins.so.1 ->
./nss_wins.so.1
lrwxr-xr-x 1 root wheel 15 Sep 5 09:26 libnss_wins.so.2 ->
./nss_wins.so.1
-r-xr-xr-x 1 root wheel 16696 Jul 14 14:29 nss_winbind.ol1
lrwxr-xr-x 1 root wheel 18 Sep 5 09:30 nss_winbind.so ->
./nss_winbind.so.1
-r-xr-xr-x 1 root wheel 18232 Sep 5 09:13 nss_winbind.so.1
lrwxr-xr-x 1 root wheel 18 Sep 5 09:30 nss_winbind.so.2 ->
./nss_winbind.so.1
-r-xr-xr-x 1 root wheel 18232 Aug 28 18:23 nss_winbind.so.ol2
-rwxr-xr-x 1 root wheel 23057 Sep 15 2005 nss_winbind.so.old
lrwxr-xr-x 1 root wheel 15 Sep 5 09:31 nss_wins.so ->
./nss_wins.so.1
-r-xr-xr-x 1 root wheel 745440 Sep 5 09:13 nss_wins.so.1
lrwxr-xr-x 1 root wheel 15 Sep 5 09:31 nss_wins.so.2 ->
./nss_wins.so.1
-r-xr-xr-x 1 root wheel 745184 Aug 28 20:26 nss_wins.so.bkup
-r-xr-xr-x 1 root wheel 744448 Jul 14 14:31 nss_wins.so.ol1
-rwxr-xr-x 1 root wheel 813451 Sep 15 2005 nss_wins.so.old
-r-xr-xr-x 1 root wheel 33416 Sep 5 09:13 pam_winbind.so
When a Windows attempts to connect to Aries using Windows Explorer and
browsing through the Network Neighborhood, the user receives the following
message:
\\ARIES is not accessible.
There are currently no logon servers available to service the logon request.
root@aries:/usr/local/lib# testparm -s
Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[macdata]"
Processing section "[backup]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = DSP
server string = Samba %v
security = DOMAIN
password server = altair gemini
log file = /var/log/samba/log.%m
max log size = 50
smb ports = 139
max xmit = 65535
deadtime = 15
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=4096 SO_SNDBUF=4096
os level = 33
local master = No
dns proxy = No
wins server = 192.168.1.1
idmap uid = 15000-20000
idmap gid = 15000-20000
template homedir = /usr/home/%D/%U
template shell = /bin/bash
winbind separator = -
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 192.168.1., 192.168.2., 127., 10.8.0.
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[macdata]
comment = Production Data
path = /data
valid users = DSP-alfredo, DSP-matte, DSP-michaelm, DSP-becky,
DSP-marlah, DSP-doug, @production
force group = @DSP-production
read only = No
create mask = 0770
force create mode = 0660
directory mask = 0770
force directory mode = 02770
guest ok = Yes
hide files /_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Network
Trash
Folder/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary
Items/.DS_Store/
vfs objects = netatalk
[backup]
comment = backup volume
path = /backup
valid users = "@DSP-domain admins", DSP-doug
read only = No
create mask = 0774
directory mask = 0774
force directory mode = 0774
I understand that the winbind behavior has changed in 3.0.23x (or 3.0.22?)
but it was my impression that nothing had changed in the way a Samba member
server authenticates against a NT4 PDC using winbindd. What might I be doing
wrong here?
~Doug
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Doug Sampson
2006-Sep-06 23:35 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
> > Can anyone shed light on this issue? I haven't heard > > from you guys. Is there anything else I could do to > > expedite resolution of this issue? I've read the > > WHATSNEW.txt and reviewed the release notes. I > > am not sure if I've fully grasped what needs > > to be done. Can someone point me in the right > > direction? > > Is this an NT 4.0 or a mixed mode AD domain? Is the DC running > NT 4.0 SP6 ? > > If there is a bug here, it is neither a known issue or > intended behaviorThis is a pure NT 4.0 domain. Yes, all DCs are running NT 4.0 SP6. ~Doug
Doug Sampson
2006-Sep-07 20:24 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
> > > Can anyone shed light on this issue? I haven't heard > > > from you guys. Is there anything else I could do to > > > expedite resolution of this issue? I've read the > > > WHATSNEW.txt and reviewed the release notes. I > > > am not sure if I've fully grasped what needs > > > to be done. Can someone point me in the right > > > direction? > > > > Is this an NT 4.0 or a mixed mode AD domain? Is the DC running > > NT 4.0 SP6 ? > > > > If there is a bug here, it is neither a known issue or > > intended behavior > > This is a pure NT 4.0 domain. Yes, all DCs are running NT 4.0 SP6. >So how do I go about fixing this or filing a bug report? I could use some assistance either way. ~Doug
Felipe Augusto van de Wiel
2006-Sep-18 14:16 UTC
FW: [Samba] authenticating using winbindd against NT4 domain fail s (URGENT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2006 01:00 PM, Doug Sampson escreveu:> Hi folks, > > Can anyone shed light on this issue? I haven't heard from you guys. Is there > anything else I could do to expedite resolution of this issue? I've read the > WHATSNEW.txt and reviewed the release notes. I am not sure if I've fully > grasped what needs to be done. Can someone point me in the right direction?It is just a guess, but if you try to increase the SO_SNDBUF and SO_RCVBUF for something like 8192 does it solve the problem?> ~DougKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFDqPzCj65ZxU4gPQRAo7NAJ99Y7gTuD01Mpr3SxW7QnCoJD6ZeQCgohXU uYWPEpQWcZU0U+iMatHKZLw=3Qew -----END PGP SIGNATURE-----