On Wed, May 27, 2009 at 5:22 PM, Mailing pigna <luca...@gmail.com> wrote: > Hi all. > I have a problem whith winbind authentication. > I have 2 samba domains, DOMA and DOMB, and these domains have trust in one > another. > > On both pdc winbind is installed. > > I installed a proxy server using squid with ntlm authentication. I install > on the server: > squid > samba > winbind > I have modify the smb.conf on proxy: > [global] > workgroup = DOMA > server string = PROXY DOMA > password server = xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy > security = domain > encrypt passwords = yes > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = No > log level = 2 > log file = /var/log/samba/%m.log > max log size = 100000 > socket options = TCP_NODELAY > wins server = xxx.xxx.xxx.xxx > > I have run this comand: > #net rpc join -S PDC1 -U Administrator > and the proxy server as joined in the domain > Now this command executed successful: > #wbinfo -t > checking the trust secret via RPC calls succeeded > #wbinfo -u > DOMA+user1 > DOMA+user2 > DOMA+user3 > DOMA+user4 > ecc. ecc. > #wbinfo -a DOMA+user1%pwduser1 > plaintext password authentication succeeded > challenge/response password authentication succeeded > Until here everything ok. > Every now and then but it seems that winbind loses the domain and users are > no longer able to navigate. > This is the log of winbind: > [2009/05/27 12:54:21, 1] > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR > received from remote machine SERVERA pipe \lsarpc fnum 0x74f0! > [2009/05/27 12:54:28, 1] > rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) > cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR > received from remote machine SERVERA pipe \lsarpc fnum 0x751a! > [2009/05/27 14:48:36, 0] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2009/05/27 14:48:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) > rpc_api_pipe: Remote machine SERVERA pipe \NETLOGON fnum 0x751ereturned > critical error. Error was Call timed out: server did not respon > d after 10000 milliseconds > [2009/05/27 14:48:36, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[gonzaga] returned > NT_STATUS_IO_TIMEOUT (PAM: 4) > [2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386) > cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x751b to machine > SERVERA. Error was Call timed out: server did not respond a > fter 1000 milliseconds > [2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386) > cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x751c to > machine SERVERA. Error was Call timed out: server did not respond > after 500 milliseconds > [2009/05/27 14:48:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386) > cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x751e to > machine SERVERA. Error was Call timed out: server did not respo > nd after 500 milliseconds > [2009/05/27 14:48:46, 0] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2009/05/27 14:48:57, 0] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2009/05/27 14:49:07, 0] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2009/05/27 14:49:07, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[user1] returned > NT_STATUS_IO_TIMEOUT (PAM: 4) > [2009/05/27 14:49:26, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[user2] returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 9) > [2009/05/27 14:49:32, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[user3] returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 9) > [2009/05/27 14:49:50, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[user4] returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 9) > [2009/05/27 14:49:52, 2] > nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931) > NTLM CRAP authentication for user [DOMA]\[user4] returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 9) > [2009/05/27 14:50:36, 4] nsswitch/winbindd_dual.c:fork_domain_child(1080) > child daemon request 47 > [2009/05/27 14:50:36, 8] nsswitch/winbindd_cm.c:connection_ok(1515) > connection_ok: Connection to for domain DOMA has NULL cli! > [2009/05/27 14:50:36, 5] libsmb/namequery.c:saf_fetch(136) > saf_fetch: Returning "SERVERA" for "DOMA" domain > [2009/05/27 14:50:36, 5] libads/dns.c:sitename_fetch(706) > sitename_fetch: No stored sitename for > [2009/05/27 14:50:36, 5] libsmb/namecache.c:namecache_fetch(214) > name SERVERA#20 found. > [2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(152) > write_socket(18,72) > [2009/05/27 14:50:36, 6] libsmb/clientgen.c:write_socket(155) > write_socket(18,72) wrote 72 > [2009/05/27 14:50:36, 5] libsmb/cliconnect.c:cli_session_request(1407) > Sent session request > > If restart winbind on proxy server browsing resumed without problems. > > Can you help? > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
there was a post " samba two way trusts and winbind" few days ago. That may be your case. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba