I set the logging for auth and winbind to 10 and this is what I am seeing. Could this possibly be a problem with the Win2K server looking for an SRV record or somesuch? It seems like just after it tries to connect to the dc I get these lines
[2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) prs_mem_get: reading data of size 2 would overrun buffer. [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. Thanks for any help with this -Tod Schmidt The rest of the log... [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(514) client_write: need to write 37 extra data bytes. [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(469) client_write: wrote 37 bytes. [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(503) client_write: client_write: complete response written. [2003/06/12 09:29:16, 6] nsswitch/winbindd.c:new_connection(307) accepted socket 16 [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:winbind_client_read(422) client_read: read 0 bytes. Need 1312 more for a full request. [2003/06/12 09:29:16, 5] nsswitch/winbindd.c:winbind_client_read(427) read failed on sock 15, pid 10953: EOF [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:winbind_client_read(422) client_read: read 1312 bytes. Need 0 more for a full request. [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:process_request(272) process_request: request fn PAM_AUTH [2003/06/12 09:29:16, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(80) [10953]: pam auth tschmidt+xxxxxxx [2003/06/12 09:29:16, 10] nsswitch/winbindd_cm.c:cm_get_dc_name(178) Creating get_dc_name_cache entry for TNCTEST [2003/06/12 09:29:16, 4] nsswitch/winbindd_cm.c:cm_ads_find_dc(112) cm_ads_find_dc: domain=TNCTEST [2003/06/12 09:29:16, 4] nsswitch/winbindd_cm.c:cm_ads_find_dc(129) cm_ads_find_dc: using server='DCTEST' IP=10.1.15.80 [2003/06/12 09:29:16, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(208) cm_get_dc_name: Returning DC DCTEST (10.1.15.80) for domain TNCTEST [2003/06/12 09:29:16, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238) IPC$ connections done by user TSCHMIDT\xxxxxxx [2003/06/12 09:29:16, 5] nsswitch/winbindd_cm.c:cm_open_connection(364) connecting to DCTEST from MAILDEV with username [TSCHMIDT]\[xxxxxxx] [2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) prs_mem_get: reading data of size 2 would overrun buffer. [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. [2003/06/12 09:29:17, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(133) could not open handle to NETLOGON pipe [2003/06/12 09:29:17, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(167) Plain-text authentication for user tschmidt+xxxxxxx returned NT_STATUS_NO_LOGON_SERVERS (PAM: 4) [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) client_write: wrote 1300 bytes. [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) client_read: read 1312 bytes. Need 0 more for a full request. [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:process_request(272) process_request: request fn INFO [2003/06/12 09:29:17, 3] nsswitch/winbindd_misc.c:winbindd_info(196) [10953]: request misc info [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) client_write: wrote 1300 bytes. [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) client_read: read 1312 bytes. Need 0 more for a full request. [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:process_request(272) process_request: request fn AUTH_CRAP [2003/06/12 09:29:17, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(237) [10953]: pam auth crap domain: TSCHMIDT user: xxxxxxx [2003/06/12 09:29:17, 10] nsswitch/winbindd_cm.c:cm_get_dc_name(167) returning positive get_dc_name_cache entry for TNCTEST [2003/06/12 09:29:17, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238) IPC$ connections done by user TSCHMIDT\xxxxxxx [2003/06/12 09:29:17, 5] nsswitch/winbindd_cm.c:cm_open_connection(364) connecting to DCTEST from MAILDEV with username [TSCHMIDT]\[xxxxxxx] [2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) prs_mem_get: reading data of size 2 would overrun buffer. [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. [2003/06/12 09:29:17, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(292) could not open handle to NETLOGON pipe (error: NT_STATUS_UNSUCCESSFUL) [2003/06/12 09:29:17, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(342) NTLM CRAP authentication for user [TSCHMIDT]\[xxxxxxx] returned NT_STATUS_NO_LOGON_SERVERS (PAM: 4) [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) client_write: wrote 1300 bytes. [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) client_read: read 0 bytes. Need 1312 more for a full request. [2003/06/12 09:29:17, 5] nsswitch/winbindd.c:winbind_client_read(427) read failed on sock 16, pid 10953: EOF -----Original Message----- From: Chere Zhou [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 5:25 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] win bind authentication I looked back at your message, and it seems that you can ping, can list users and groups, but -t and user login always fail, is that right? That's kind of strange to me. Did you do -t and user login with the password server set too? Maybe you should bump up debug level and send us the logs. On Wednesday 11 June 2003 12:51 pm, Tod B. Schmidt wrote: > I can ping the winbindd and I have tried both with and without the password > server set. > > -Tod > > -----Original Message----- > From: Chere Zhou [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 11, 2003 2:42 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [Samba] win bind authentication > > > Is "wbinfo -p" fine? if not, restart winbindd. If still not, try put > "password server = pdc-name" into your smb.conf and restart again. > > On Wednesday 11 June 2003 11:09 am, Tod B. Schmidt wrote: > > Yes, I can do kinit and then log into my win2k machines with smbclient > > fine, but cannot log into my samba accounts from my win2k box. > > > > I think the fact that winbind -t fails is significant, but I can join the > > domain fine, so I am not sure what is happening here. > > > > [EMAIL PROTECTED] etc]# net join > > [2003/06/11 14:01:38, 0] libads/ldap.c:ads_join_realm(1352) > > Host account for maildev already exists - deleting old account > > Joined 'MAILDEV' to realm 'TNCTEST.ORG' > > > > [EMAIL PROTECTED] etc]# wbinfo -t > > checking the trust secret via RPC calls failed > > error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) > > Could not check secret > > > > Also, when I list wbinfo -u or getent passwd I get entries that start > > with TNCTEST and not TNCTEST.ORG, not sure if that is important. Kerberos > > will not authenticate against the realm TNCTEST so I think it has to be > > TNCTEST.ORG > > > > Thanks, > > Tod Schmidt > > > > > > -----Original Message----- > > From: Brandon Lederer [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, June 11, 2003 1:41 PM > > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] > > Subject: RE: [Samba] win bind authentication > > > > > > You guys got the encryption on? > > > > -----Original Message----- > > From: Tod B. Schmidt [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, June 11, 2003 12:38 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Samba] winbind authentication > > > > > > > > > > I am getting this same error when trying to authenticate. Very > > frustrating because everything else works, wbinfo, getent. I can login to > > Win2K server wth kerberos, but I always see NT_STATUS_NO_LOGON_SERVERS > > when trying to authenticate. > > > > [EMAIL PROTECTED] etc]# wbinfo -a user+password > > plaintext password authentication failed > > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > > error messsage was: No logon servers > > Could not authenticate user user+password with plaintext password > > challenge/response password authentication failed > > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > > error messsage was: No logon servers > > Could not authenticate user user+password with challenge/response > > > > The only other thing that fails is wbinfo -t > > > > [EMAIL PROTECTED] etc]# wbinfo -t > > checking the trust secret via RPC calls failed > > error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) > > Could not check secret > > > > I have joined the computer to the domain but am just beating my head > > against this issue. > > > > Any thoughts out there? > > > > TIA, > > T Schmidt > > > > >>I am having the same issue. I am running Samba 3 Alpha 24 trying to > > > > connect to a W2K3 Server with AD. If I getent or chown I can see all my > > > > >>domain users, but sshd, login, etc (PAM apps) cant see the accounts. > > When > > > I try to login to the console as a AD user or SSH I get the following > > >>in /var/log/messages Jun 2 20:38:58 gonzo pam_winbind[1900]: request > > failed: No logon servers, PAM error was 4, NT error was > > > > >>NT_STATUS_NO_LOGON_SERVERS The issue is when I do wbinfo I can see > > > > everything.... My config is as follows: [global] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
