Peter Rosenthal
2007-Nov-27 15:52 UTC
[Samba] Transistive problem with AD logins via winbind
Hello, I am getting transitive problems with logins to CentOS 5 boxes via AD/Kerberos. The winbind log is: [2007/11/26 07:51:07, 1] nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(571) winbindd_raw_kerberos_login: kinit failed for 'user@TESTDOMAIN.COM' with: Cannot contact any KDC for requested realm (-1765328228) [2007/11/26 07:52:14, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from remote machine dc1.testdomain.com pipe \lsarpc fnum 0xc000! [2007/11/26 07:52:14, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT code 0x00000005 [2007/11/26 07:52:14, 1] nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(571) winbindd_raw_kerberos_login: kinit failed for 'user@TESTDOMAIN.COM' with: Cannot contact any KDC for requested realm (-1765328228) [2007/11/26 08:55:51, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from remote machine dc2.testdomain.com pipe \lsarpc fnum 0x4005! [2007/11/26 08:55:51, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT code 0x00000005 [2007/11/26 08:55:51, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from remote machine dc2.testdomain.com pipe \samr fnum 0x4008! [2007/11/26 08:55:51, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2362) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT code 0x00000005 Can anyone help me understand what this could be caused by? Restarting winbind a couple of times normally resolves the problem. Thanks.