John H Terpstra wrote:
On Monday 23 May 2005 12:59, Sean Kennedy wrote:
John H Terpstra wrote:
On Monday 23 May 2005 11:23, Sean Kennedy wrote:
Hi all,
Thus far, I have managed to get wbinfo -[u|g] to display users/group
correctly, and getent passwd/group works. However, wbinfo -t fails to
work, giving me this error:
[EMAIL PROTECTED] samba]# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
Check the security settings on the ADS domain contollers. It looks like it
may have been locked down to prevent remote access.
- John T.
I don't know if it helps, but when I run winbindd -i -d3 and I do
`wbinfo -t`, this is the feedback I get from winbind:
DC-1 is refusing the connection. The security settings on it need to be opened
up.
- John T.
Hi John,
I'm sorry John, I'm not seeing the setting you are referring to. Would
this setting affect one machine while 2 others are able to communicate
fine?
After reading through my output, this almost sounds like a signing error
on the communications, which leads me to suspect that samba/kerberos
doesn't have the require encryption somewhere along the way. The reason
I think that is because I see stuff like this in my logs:
client_check_incoming_message: BAD SIG: wanted SMB signature of
[000] 65 83 B8 05 F9 ED C7 08 e.......
client_check_incoming_message: BAD SIG: got SMB signature of
[000] DA 3C 6A 63 E5 B9 1F 82 .<jc....
And then, further down, this:
srv_check_incoming_message: signing negotiated but not required and peer
isn't sending correct signatures. Turning off.
Could this be caused by what you were mentioning earlier? I'm looking
under the GP/Window Settings/Security Settings/Local Policies/Security
Options and User Rights. Is that the right place to find what you are
referring to?
Thanks again for your help
Sean
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
