Okay, I'm having some weird Windbind issues. Here's my plea below:


Okay, here's my setup:

SLES9 | Samba Version 3.0.4 | Winbind | W2K3-SP1 Active Directory Domain

I have kerberos configured properly, I can successfully run this command=
:

# knit domainuser
domainuser@TESTDOMAIN.ORG's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

and succesfully joined the domain;

# net ads join -U administrator

and here's my smb.conf:
----------------------------------------------------------------------
[global]
workgroup =3D TESTDOMAIN
server string =3D Test File Server
encrypt passwords =3D yes
netbios name =3D sambatest
realm =3D TESTDOMAIN.ORG
security =3D ADS
password server =3D server.testdomain.org
=
=
=20
### WINBIND CONFIG ###
client schannel =3D no
template shell =3D /bin/bash
template homedir =3D /domainusers/%U
winbind uid =3D 10000-20000
winbind gid =3D 10000-20000
winbind enum users =3D yes
winbind enum groups =3D yes
winbind cache time =3D 5
winbind use default domain =3D yes
### END WINBIND CONFIG ###
=
=
=20
veto files =3D /.*/
veto oplock files =3D /*.doc/*.xls/*.mdb/
interfaces =3D 192.168.110.182/24
allow hosts =3D 192.168.100. 192.168.110. 192.168.1.
=
=
=
=
=20
[homes]
comment =3D Home Directories
browseable =3D No
read only =3D No
=
=
=20
[data1]
comment =3D Test Data 1
path =3D /company/data1
valid users =3D @domaingroup1
browseable =3D no
public =3D no
=
=
=20
[data2]
comment =3D Test Data 2
path =3D /company/data2
valid users =3D @domaingroup2
browseable =3D no
public =3D no
------------------------------------------------------------------

And this is what is going on:

When I start Windbind,Samba, everything seems to be working fine by resu=
lts of the following commands and results:

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -a domainuser%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

# smbclient //localhost/data1 -U domainuser
Password:
Domain=3D[TESTDOMAIN] OS=3D[Unix] Server=3D[Samba 3.0.4-SUSE]
smb: \>

# wbinfo -u
domainuser1
domainuser2
domianuser3

# wbinfo -g
domaingroup1
domaingroup2
domaingroup3

# getent passwd
domainuser:x:10023:10001omain User:/domainusers/domainuser:/bin/bash

# getent group
domaingroup1:x:10033:domainuser1,domainuser2

# chgrp domaingroup1 data1



then about five minutes later, then everything starts to fail:

# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT=5FSTATUS=5FMORE=5FPROCESSING=5FREQUIRED (0xc0000016)
Could not check secret

# wbinfo -a domainuser%password
plaintext password authentication failed
error code was NT=5FSTATUS=5FMORE=5FPROCESSING=5FREQUIRED (0xc0000016)
error messsage was: NT=5FSTATUS=5FMORE=5FPROCESSING=5FREQUIRED
Could not authenticate user golden%ali0197 with plaintext password
challenge/response password authentication failed
error code was NT=5FSTATUS=5FACCESS=5FDENIED (0xc0000022)
error messsage was: winbind client not authorized to use winbindd=5Fpam=
=5Fauth=5Fcrap. Ensure permissions on /var/lib/samba/winbindd=5Fprivile=
ged are set correctly.Could not authenticate user golden with challenge/=
response

# smbclient //localhost/data1 -U domainuser
session setup failed: NT=5FSTATUS=5FMORE=5FPROCESSING=5FREQUIRED
did you forget to run kinit=3F

Strangely, when I run kinit, everything returns fine and I'm able to get=
a ticket.

but the following commands still runs successfully:

# wbinfo -u
domainuser1
domainuser2
domainuser3

# wbinfo -g
domaingroup1
domaingroup2
domaingroup3

Then when I restart winbind, everything works again, then five minutes l=
ater, nothing!

Something weird is going on with Winbind or I'm probably missing somethi=
ng. It took me two weeks of reading documentation, google searches, and=
man pages to get this current configuration going and I'm about drained=
on this issue. Any help would be greatly appreciated. Thanks in advan=
ce.

- Delamatrix

=20
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba