[Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325 Now, when I add the computer to the domain ('net ads join –U Administrator') it seems to work, is visible on the AD interface, but the logs show an error: Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module ldap already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module tdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module passdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module nss already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found And wbinfo gives me nothing – so I am assuming there is a problem: [r...@rhclient samba]# wbinfo -u [r...@rhclient samba]# wbinfo -g [r...@rhclient samba]# When trying to do a ntlm_auth, I get a funky error as well: [r...@rhclient samba]# ntlm_auth --request-nt-key --domain=VMSECLAB.CABLE.COMCAST.COM --username=user password: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) Yet, there is a login server in the samba.conf, and dns/reverse dns works: [r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf password server = ad.vmseclab.cable.com [r...@rhclient samba]# nslookup ad.vmseclab.cable.com Server: 10.252.159.138 Address: 10.252.159.138#53 Name: ad.vmseclab.cable.com Address: 10.252.159.138 [r...@rhclient samba]# nslookup 10.252.159.138 Server: 10.252.159.138 Address: 10.252.159.138#53 138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com. The samba logs show this when trying to ntlm_auth: == /var/log/samba/log.winbindd-dc-connect == [2010/11/11 16:16:55, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC Has anyone seen this, or have any clue what could be happening? It seems like my DC does not have cldap open/working? What port does that run over? If its normal ldap(389), I can telnet to that fine. I am out of ideas, any help would be appreciated. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
security = domain or security = user? I had problems with winbind using security = user.. I can't remember properly it's been a while.. On 11/11/2010 04:22 PM, Rowley, Mathew wrote: I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325 Now, when I add the computer to the domain ('net ads join –U Administrator') it seems to work, is visible on the AD interface, but the logs show an error: Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module ldap already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module tdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module passdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module nss already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found And wbinfo gives me nothing – so I am assuming there is a problem: [r...@rhclient samba]# wbinfo -u [r...@rhclient samba]# wbinfo -g [r...@rhclient samba]# When trying to do a ntlm_auth, I get a funky error as well: [r...@rhclient samba]# ntlm_auth --request-nt-key --domain=VMSECLAB.CABLE.COMCAST.COM --username=user password: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) Yet, there is a login server in the samba.conf, and dns/reverse dns works: [r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf password server = ad.vmseclab.cable.com [r...@rhclient samba]# nslookup ad.vmseclab.cable.com Server: 10.252.159.138 Address: 10.252.159.138#53 Name: ad.vmseclab.cable.com Address: 10.252.159.138 [r...@rhclient samba]# nslookup 10.252.159.138 Server: 10.252.159.138 Address: 10.252.159.138#53 138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com. The samba logs show this when trying to ntlm_auth: == /var/log/samba/log.winbindd-dc-connect== [2010/11/11 16:16:55, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC Has anyone seen this, or have any clue what could be happening? It seems like my DC does not have cldap open/working? What port does that run over? If its normal ldap(389), I can telnet to that fine. I am out of ideas, any help would be appreciated. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)
security = ads I am really just trying to get ntlm_auth to work in order to proxy AD requests with FreeRadius... http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO On 11/11/10 2:26 PM, Aaron E. ssures...@gmail.com wrote: security = domain or security = user? I had problems with winbind using security = user.. I can't remember properly it's been a while.. On 11/11/2010 04:22 PM, Rowley, Mathew wrote: I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325 Now, when I add the computer to the domain ('net ads join U Administrator') it seems to work, is visible on the AD interface, but the logs show an error: Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module ldap already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) Nov 11 16:03:22 rhclient winbindd[4483]: idmap_alloc module tdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module passdb already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:smb_register_idmap(149) Nov 11 16:03:22 rhclient winbindd[4483]: Idmap module nss already registered! Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22, 0] winbindd/idmap.c:idmap_alloc_init(589) Nov 11 16:03:22 rhclient winbindd[4483]: ERROR: Initialization failed for alloc backend, deferred! Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found And wbinfo gives me nothing so I am assuming there is a problem: [r...@rhclient samba]# wbinfo -u [r...@rhclient samba]# wbinfo -g [r...@rhclient samba]# When trying to do a ntlm_auth, I get a funky error as well: [r...@rhclient samba]# ntlm_auth --request-nt-key --domain=VMSECLAB.CABLE.COMCAST.COM --username=user password: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) Yet, there is a login server in the samba.conf, and dns/reverse dns works: [r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf password server = ad.vmseclab.cable.com [r...@rhclient samba]# nslookup ad.vmseclab.cable.com Server: 10.252.159.138 Address: 10.252.159.138#53 Name: ad.vmseclab.cable.com Address: 10.252.159.138 [r...@rhclient samba]# nslookup 10.252.159.138 Server: 10.252.159.138 Address: 10.252.159.138#53 138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com. The samba logs show this when trying to ntlm_auth: == /var/log/samba/log.winbindd-dc-connect== [2010/11/11 16:16:55, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:16:55, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/cldap.c:recv_cldap_netlogon(157) no reply received to cldap netlogon [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC [2010/11/11 16:17:25, 1] libads/ldap.c:ads_find_dc(427) ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC Has anyone seen this, or have any clue what could be happening? It seems like my DC does not have cldap open/working? What port does that run over? If its normal ldap(389), I can telnet to that fine. I am out of ideas, any help would be appreciated. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba