I posted about a winbind/PAM issue earlier and discovered that the auth portion of pam_winbind is what was causing my failures. I receive the following message when trying to authenticate sshd or login with the auth pam_winbind module:
Jun 3 20:43:04 gonzo pam_winbind[14850]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS Jun 3 20:43:04 gonzo pam_winbind[14850]: internal module error (retval = 4, user = `TECHFORTIFY+administrator' Jun 3 20:43:04 gonzo sshd(pam_unix)[14850]: check pass; user unknown Jun 3 20:44:56 gonzo sshd(pam_unix)[14850]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=10.143.200.200 In another message on the list I noticed someone said they had tried net -t and it was successful. I decided to try it and it failed. This may be the source of my problem: [EMAIL PROTECTED] bin]# ./wbinfo -u TECHFORTIFY+administrator TECHFORTIFY+Guest TECHFORTIFY+krbtgt TECHFORTIFY+cmw [EMAIL PROTECTED] bin]# ./wbinfo -g\ > TECHFORTIFY+Domain Computers TECHFORTIFY+Domain Controllers TECHFORTIFY+Schema Admins TECHFORTIFY+Enterprise Admins TECHFORTIFY+Domain Admins TECHFORTIFY+Domain Users TECHFORTIFY+Domain Guests TECHFORTIFY+Group Policy Creator Owners [EMAIL PROTECTED] bin]# ./wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) Could not check secret [EMAIL PROTECTED] bin]# /usr/kerberos/bin/kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] bin]# ./net ads join [2003/06/03 20:51:24, 0] libads/ldap.c:ads_join_realm(1352) Host account for gonzo already exists - deleting old account Joined 'GONZO' to realm 'AD.TECHFORTIFY.NET' [EMAIL PROTECTED] bin]# ./wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) Could not check secret As you can see I tried re-joining the domain and still failed. Any have any ideas as to what is causing this issue? If I remove auth pointing at winbind it lets me login but it is very unhappy. Chet Wisniewski [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
