On Monday 23 May 2005 12:59, Sean Kennedy wrote: > John H Terpstra wrote: > >On Monday 23 May 2005 11:23, Sean Kennedy wrote: > >>Hi all, > >> > >>Thus far, I have managed to get wbinfo -[u|g] to display users/group > >>correctly, and getent passwd/group works. However, wbinfo -t fails to > >>work, giving me this error: > >> > >>[EMAIL PROTECTED] samba]# wbinfo -t > >>checking the trust secret via RPC calls failed > >>error code was NT_STATUS_ACCESS_DENIED (0xc0000022) > >>Could not check secret > > > >Check the security settings on the ADS domain contollers. It looks like it > > may have been locked down to prevent remote access. > > > >- John T. > > I don't know if it helps, but when I run winbindd -i -d3 and I do > `wbinfo -t`, this is the feedback I get from winbind:
DC-1 is refusing the connection. The security settings on it need to be opened up. - John T. > > [ 1990]: request interface version > [ 1990]: request location of privileged pipe > [ 1990]: check machine account > Connected to LDAP server 192.168.1.3 > got ldap server name [EMAIL PROTECTED], using bind path: dc=BOCA,dc=PRI > IPC$ connections done anonymously > Connecting to host=DC-1 > Connecting to 192.168.1.3 at port 445 > Doing spnego session setup (blob length=102) > got OID=1 2 840 48018 1 2 2 > got OID=1 2 840 113554 1 2 2 > got OID=1 2 840 113554 1 2 2 3 > got OID=1 3 6 1 4 1 311 2 2 10 > got [EMAIL PROTECTED] > Doing kerberos session setup > Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 > GMT failed tcon_X with NT_STATUS_ACCESS_DENIED > Connecting to host=DC-1 > Connecting to 192.168.1.3 at port 445 > Doing spnego session setup (blob length=102) > got OID=1 2 840 48018 1 2 2 > got OID=1 2 840 113554 1 2 2 > got OID=1 2 840 113554 1 2 2 3 > got OID=1 3 6 1 4 1 311 2 2 10 > got [EMAIL PROTECTED] > Doing kerberos session setup > Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 > GMT failed tcon_X with NT_STATUS_ACCESS_DENIED > Connecting to host=DC-1 > Connecting to 192.168.1.3 at port 445 > Doing spnego session setup (blob length=102) > got OID=1 2 840 48018 1 2 2 > got OID=1 2 840 113554 1 2 2 > got OID=1 2 840 113554 1 2 2 3 > got OID=1 3 6 1 4 1 311 2 2 10 > got [EMAIL PROTECTED] > Doing kerberos session setup > Ticket in ccache[MEMORY:cliconnect] expiration Mon, 23 May 2005 21:57:08 > GMT failed tcon_X with NT_STATUS_ACCESS_DENIED > Could not open a connection to BOCA for \PIPE\NETLOGON > (NT_STATUS_ACCESS_DENIED) > could not open handle to NETLOGON pipe > Checking the trust account password returned NT_STATUS_ACCESS_DENIED > > > > Don't know if this helps or not, but if it does, here you go. ( Names > were not changed to protect the innocent :) ) > > Sean -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba