Gaiseric Vandal
2007-May-30  20:07 UTC
[Samba] Samba 3.025 wbinfo checking the trust secret via RPC calls failed
I have compiled Samba 3.0.25a from source on a Solaris 10 machine.  I
had previously been testing Samba 3.0.24 (from packages on
www.sunfreeware.com) and have reused the smb.conf file.  Otherwise
this is a clean setup, not an upgrade.
The server is configured as a PDC for my domain "SAMBADOMAIN".
I created a samba password for the local root and administrator accounts.
I joined the server machine to its own domain:
        pdc# net join sambadomain  -U root
        Password:
        Joined domain SAMBADOMAIN
        pdc#  bin/net rpc testjoin
        Join to SAMBADOMAIN is OK
        gopher#
I joined a Windows 2003 server to the domain.  All seems well.
I tried to establish trusts with another domain.  Either way this fails
with a warning that the trust password was incorrect.  Going
back a step, I tried to verify the trust to my own domain.
        pdc # ./wbinfo -t
        checking the trust secret via RPC calls failed
        error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
        Could not check secret
        pdc# ./wbinfo --own-domain -t
        SAMBADOMAIN
        checking the trust secret via RPC calls failed
        error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
        Could not check secret
This had worked with Samba 3.0.24.  Not sure if this is a winbind
issue.  My smb.conf file includes the following:
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
Thanks
Gaiseric Vandal
2007-May-31  21:53 UTC
[Samba] Fwd: Samba 3.025 wbinfo checking the trust secret via RPC calls failed
Some additional info
The unix-level (non samba) authentication is configured for LDAP via
the /etc/nswitch.conf file.  I also have openldap installed from
sunfreeware, although it doesn't seem to have a pkgconfig file.  I am
not using LDAP authentication within samba.  I was able to create
samba accounts with pdbedit whether they were local or network
accounts.
Configuration gave me the following ..
# ./configure --prefix=/usr/local/samba.3025a
OR
# ./configure --prefix=/usr/local/samba.3025a  --with-ldap=no
..
configure: WARNING: netinet/ip.h: present but cannot be compiled
configure: WARNING: netinet/ip.h:     check for missing prerequisite headers?
configure: WARNING: netinet/ip.h: see the Autoconf documentation
configure: WARNING: netinet/ip.h:     section "Present But Cannot Be
Compiled"
configure: WARNING: netinet/ip.h: proceeding with the preprocessor's result
configure: WARNING: netinet/ip.h: in the future, the compiler will
take precedence
The make command gave lots of warnings about "option -o appears more
than once."
...
make
...
ld: warning: option -o appears more than once, first setting taken
Compiling nsswitch/winbind_nss_solaris.c
Compiling nsswitch/winbind_nss_linux.c
Linking nsswitch/libnss_winbind.so
ld: warning: option -o appears more than once, first setting taken
Compiling nsswitch/wins.c
Linking nsswitch/libnss_wins.so
..
I joined 2 Windows 2003 machines to the domain. I was able to log in as
"administrator" and "root" but no other accounts, whether local or
not.  The user accounts themselves seem OK - it just seems to be a
winbind or trusts issue.
#  net user info myusername    --server pdc  --user
"sambadomain\administrator"
Password: xxxx
myusergroup
# tail log.winbindd-idmap
[2007/05/31 16:29:51, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(xyz)
  [ 6403]: sid to gid S-wxyz
[2007/05/31 16:29:51, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(xyz)
  [ 6403]: sid to gid S-wxyz
[2007/05/31 16:29:51, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(xyz)
  [ 6403]: sid to gid S-wxyz
[2007/05/31 16:29:51, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(xyz)
  [ 6403]: sid to gid S-wxyz
[2007/05/31 16:35:52, 3] nsswitch/winbindd_dual.c:child_read_request(51)
  Got invalid request length: 0
I tried building the software on another Solaris 10 machine (which is
the LDAP server but is itself NOT an LDAP client) but got the same
"configure" errors.
I even tried running the autogen.sh file first.
I had no problem when I compiled 3.0.22.  I don't think I saw this
with 3.0.25 either.
Thanks
Jean-Jacques Moulis
2007-Jun-01  07:45 UTC
[Samba] Fwd: Samba 3.025 wbinfo checking the trust secret via RPC calls failed
On Thu, 31 May 2007 17:53:10 -0400 Gaiseric Vandal <gaiseric.vandal@gmail.com> wrote:
GV> I joined 2 Windows 2003 machines to the domain. I was able to log in as
GV> "administrator" and "root" but no other accounts, whether local or
GV> not. The user accounts themselves seem OK - it just seems to be a
GV> winbind or trusts issue.
You are, perhaps, looking at the wrong place!
Are you trying to log in with remote desktop?
In this case users have to be members of the "Remote Desktop Users" group.
Try to log in at the console to see if it makes a difference!
Regards!
--
Jean-Jacques Moulis          Tel: (013) 281684
ISY                          Fax: (013) 139282
Linköping University         E-mail: jj@isy.liu.se
581 83 Linköping
Gerald (Jerry) Carter
2007-Jun-01  12:03 UTC
[Samba] Samba 3.025 wbinfo checking the trust secret via RPC calls failed
Gaiseric Vandal wrote:
>         pdc # ./wbinfo -t
>         checking the trust secret via RPC calls failed
>         error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
>         Could not check secret
Known issue.  I'll fix this for 3.0.25b.  In the middle of server
upgrades right now so I cannot point you at the open bug report.
cheers, jerry
Gaiseric Vandal
2007-Jun-01  15:46 UTC
[Samba] Fwd: Samba 3.025 wbinfo checking the trust secret via RPC calls failed
This affects local logins as well as RDP.
On 6/1/07, Jean-Jacques Moulis <jj@isy.liu.se> wrote:
> On Thu, 31 May 2007 17:53:10 -0400 Gaiseric Vandal <gaiseric.vandal@gmail.com> wrote:
>
> GV> I joined 2 Windows 2003 machines to the domain. I was able to log in as
> GV> "administrator" and "root" but no other accounts, whether local or
> GV> not. The user accounts themselves seem OK - it just seems to be a
> GV> winbind or trusts issue.
>
> You are, perhaps, looking at the wrong place!
>
> Are you trying to log in with remote desktop?
> In this case users have to be members of the "Remote Desktop Users" group.
>
> Try to log in at the console to see if it makes a difference!
>
> Regards!
>
> --
> Jean-Jacques Moulis          Tel: (013) 281684
> ISY                          Fax: (013) 139282
> Linköping University         E-mail: jj@isy.liu.se
> 581 83 Linköping