on one site where we use samba3beta2 a nightly machine-password-change rendered winbind unusable (always returning ACCESS_DENIED). once the password has been changed via rpc, winbind has no active NETLOGON-pipe to our dc and is not trying to reestablish one. if you simply check for the validity of your new machine password, the pipe seems to be reestablished.

[2003/07/03 11:43:23, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(38)
  [ 4398]: check machine account
[2003/07/03 11:43:23, 3] nsswitch/winbindd_cm.c:connection_ok(202)
  Connection to MYDC4 for domain MYDOMAIN (pipe \PIPE\NETLOGON) has NULL conn->cli!

very easy to reproduce:

mthelena:/home/gd # wbinfo -a MYDOMAIN\\SuSEAG%secret
plaintext password authentication succeeded
challenge/response password authentication succeeded
mthelena:/home/gd # net rpc changetrustpw -S mydc4
mthelena:/home/gd # wbinfo -a MYDOMAIN\\SuSEAG%secret
plaintext password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user MYDOMAIN\SuSEAG%secret with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user MYDOMAIN\SuSEAG with challenge/response
mthelena:/home/gd # wbinfo -t
checking the trust secret via RPC calls succeeded
mthelena:/home/gd # wbinfo -a MYDOMAIN\\SuSEAG%secret
plaintext password authentication succeeded
challenge/response password authentication succeeded
I can't reproduce this using beta2 + the wins-srv-is-dead.patch against a Samba PDC. Will try again using an NT4 PDC.
sorry. i forgot to mention: this was against a native win2k dc. and yes, indeed. wins was marked dead in "net cache list". so i have put the dc in "password server = mydc4".
ok. Reproduced. Working on a fix.
fixed. Checkout nsswitch/winbindd_pam.c from CVS and retest
originally reported against 3.0.0beta1. Cleaning out non-production release versions.
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.