I am out of wits here with RPC and winbindd_pam stuff. What version of samba are you using? Upgrade to 3.0beta1 if that's not the one you are using. If it is, you probably want to file a bug.
On Thursday 12 June 2003 06:37 am, Tod B. Schmidt wrote: > I set the logging for auth and winbind to 10 and this is what I am seeing. > Could this possibly be a problem with the Win2K server looking for an SRV > record or somesuch? It seems like just after it tries to connect to the dc > I get these lines > > [2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) > prs_mem_get: reading data of size 2 would overrun buffer. > [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) > rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. > > Thanks for any help with this > -Tod Schmidt > > The rest of the log... > > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(514) > client_write: need to write 37 extra data bytes. > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(469) > client_write: wrote 37 bytes. > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:client_write(503) > client_write: client_write: complete response written. > [2003/06/12 09:29:16, 6] nsswitch/winbindd.c:new_connection(307) > accepted socket 16 > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:winbind_client_read(422) > client_read: read 0 bytes. Need 1312 more for a full request. > [2003/06/12 09:29:16, 5] nsswitch/winbindd.c:winbind_client_read(427) > read failed on sock 15, pid 10953: EOF > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:winbind_client_read(422) > client_read: read 1312 bytes. Need 0 more for a full request. > [2003/06/12 09:29:16, 10] nsswitch/winbindd.c:process_request(272) > process_request: request fn PAM_AUTH > [2003/06/12 09:29:16, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(80) > [10953]: pam auth tschmidt+xxxxxxx > [2003/06/12 09:29:16, 10] nsswitch/winbindd_cm.c:cm_get_dc_name(178) > Creating get_dc_name_cache entry for TNCTEST > [2003/06/12 09:29:16, 4] nsswitch/winbindd_cm.c:cm_ads_find_dc(112) > cm_ads_find_dc: domain=TNCTEST > [2003/06/12 09:29:16, 4] nsswitch/winbindd_cm.c:cm_ads_find_dc(129) > cm_ads_find_dc: using server='DCTEST' IP=10.1.15.80 > [2003/06/12 09:29:16, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(208) > cm_get_dc_name: Returning DC DCTEST (10.1.15.80) for domain TNCTEST > [2003/06/12 09:29:16, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238) > IPC$ connections done by user TSCHMIDT\xxxxxxx > [2003/06/12 09:29:16, 5] nsswitch/winbindd_cm.c:cm_open_connection(364) > connecting to DCTEST from MAILDEV with username [TSCHMIDT]\[xxxxxxx] > [2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) > prs_mem_get: reading data of size 2 would overrun buffer. > [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) > rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. > [2003/06/12 09:29:17, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(133) > could not open handle to NETLOGON pipe > [2003/06/12 09:29:17, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(167) > Plain-text authentication for user tschmidt+xxxxxxx returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 4) > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) > client_write: wrote 1300 bytes. > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) > client_read: read 1312 bytes. Need 0 more for a full request. > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:process_request(272) > process_request: request fn INFO > [2003/06/12 09:29:17, 3] nsswitch/winbindd_misc.c:winbindd_info(196) > [10953]: request misc info > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) > client_write: wrote 1300 bytes. > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) > client_read: read 1312 bytes. Need 0 more for a full request. > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:process_request(272) > process_request: request fn AUTH_CRAP > [2003/06/12 09:29:17, 3] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(237) [10953]: pam auth crap > domain: TSCHMIDT user: xxxxxxx > [2003/06/12 09:29:17, 10] nsswitch/winbindd_cm.c:cm_get_dc_name(167) > returning positive get_dc_name_cache entry for TNCTEST > [2003/06/12 09:29:17, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(238) > IPC$ connections done by user TSCHMIDT\xxxxxxx > [2003/06/12 09:29:17, 5] nsswitch/winbindd_cm.c:cm_open_connection(364) > connecting to DCTEST from MAILDEV with username [TSCHMIDT]\[xxxxxxx] > [2003/06/12 09:29:17, 0] rpc_parse/parse_prs.c:prs_mem_get(528) > prs_mem_get: reading data of size 2 would overrun buffer. > [2003/06/12 09:29:17, 0] rpc_client/cli_pipe.c:rpc_pipe_bind(1484) > rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA. > [2003/06/12 09:29:17, 3] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(292) could not open handle > to NETLOGON pipe (error: NT_STATUS_UNSUCCESSFUL) [2003/06/12 09:29:17, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(342) NTLM CRAP > authentication for user [TSCHMIDT]\[xxxxxxx] returned > NT_STATUS_NO_LOGON_SERVERS (PAM: 4) > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:client_write(469) > client_write: wrote 1300 bytes. > [2003/06/12 09:29:17, 10] nsswitch/winbindd.c:winbind_client_read(422) > client_read: read 0 bytes. Need 1312 more for a full request. > [2003/06/12 09:29:17, 5] nsswitch/winbindd.c:winbind_client_read(427) > read failed on sock 16, pid 10953: EOF > > -----Original Message----- > From: Chere Zhou [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 11, 2003 5:25 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [Samba] win bind authentication > > > I looked back at your message, and it seems that you can ping, can list > users > and groups, but -t and user login always fail, is that right? That's kind > of > strange to me. Did you do -t and user login with the password server set > too? Maybe you should bump up debug level and send us the logs. > > On Wednesday 11 June 2003 12:51 pm, Tod B. Schmidt wrote: > > I can ping the winbindd and I have tried both with and without the > > password > > > server set. > > > > -Tod > > > > -----Original Message----- > > From: Chere Zhou [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, June 11, 2003 2:42 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: Re: [Samba] win bind authentication > > > > > > Is "wbinfo -p" fine? if not, restart winbindd. If still not, try put > > "password server = pdc-name" into your smb.conf and restart again. > > > > On Wednesday 11 June 2003 11:09 am, Tod B. Schmidt wrote: > > > Yes, I can do kinit and then log into my win2k machines with smbclient > > > fine, but cannot log into my samba accounts from my win2k box. > > > > > > I think the fact that winbind -t fails is significant, but I can join > > the > > > > domain fine, so I am not sure what is happening here. > > > > > > [EMAIL PROTECTED] etc]# net join > > > [2003/06/11 14:01:38, 0] libads/ldap.c:ads_join_realm(1352) > > > Host account for maildev already exists - deleting old account > > > Joined 'MAILDEV' to realm 'TNCTEST.ORG' > > > > > > [EMAIL PROTECTED] etc]# wbinfo -t > > > checking the trust secret via RPC calls failed > > > error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) > > > Could not check secret > > > > > > Also, when I list wbinfo -u or getent passwd I get entries that start > > > with TNCTEST and not TNCTEST.ORG, not sure if that is important. > > Kerberos > > > > will not authenticate against the realm TNCTEST so I think it has to be > > > TNCTEST.ORG > > > > > > Thanks, > > > Tod Schmidt > > > > > > > > > -----Original Message----- > > > From: Brandon Lederer [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, June 11, 2003 1:41 PM > > > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] > > > Subject: RE: [Samba] win bind authentication > > > > > > > > > You guys got the encryption on? > > > > > > -----Original Message----- > > > From: Tod B. Schmidt [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, June 11, 2003 12:38 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [Samba] winbind authentication > > > > > > > > > > > > > > > I am getting this same error when trying to authenticate. Very > > > frustrating because everything else works, wbinfo, getent. I can login > > to > > > > Win2K server wth kerberos, but I always see NT_STATUS_NO_LOGON_SERVERS > > > when trying to authenticate. > > > > > > [EMAIL PROTECTED] etc]# wbinfo -a user+password > > > plaintext password authentication failed > > > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > > > error messsage was: No logon servers > > > Could not authenticate user user+password with plaintext password > > > challenge/response password authentication failed > > > error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e) > > > error messsage was: No logon servers > > > Could not authenticate user user+password with challenge/response > > > > > > The only other thing that fails is wbinfo -t > > > > > > [EMAIL PROTECTED] etc]# wbinfo -t > > > checking the trust secret via RPC calls failed > > > error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) > > > Could not check secret > > > > > > I have joined the computer to the domain but am just beating my head > > > against this issue. > > > > > > Any thoughts out there? > > > > > > TIA, > > > T Schmidt > > > > > > >>I am having the same issue. I am running Samba 3 Alpha 24 trying to > > > > > > connect to a W2K3 Server with AD. If I getent or chown I can see all my > > > > > > >>domain users, but sshd, login, etc (PAM apps) cant see the accounts. > > > > When > > > > > I try to login to the console as a AD user or SSH I get the following > > > > > > >>in /var/log/messages Jun 2 20:38:58 gonzo pam_winbind[1900]: request > > > > > > failed: No logon servers, PAM error was 4, NT error was > > > > > > >>NT_STATUS_NO_LOGON_SERVERS The issue is when I do wbinfo I can see > > > > > > everything.... My config is as follows: [global] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
