We use samba PDC and squid+winbindd+ntlm_auth on the same server. After update samba from 3.0.14a up to 3.0.20 ntlm_auth does not work. Also wbinfo got error: # wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret winbindd log: cm_get_ipc_userpass: No auth-user defined Serverzone is -14400 Using cleartext machine password cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER cred_session_key cred_create cli_net_auth2: srv:\\SERVER acct:WORKGROUP$ sc:6 mc: SERVER neg: 400701ff could not open handle to NETLOGON pipe Checking the trust account password returned NT_STATUS_ACCESS_DENIED Small patch Small patch solves this problem: --- nsswitch/winbindd_cm.c.orig Sun Sep 11 00:30:27 2005 +++ nsswitch/winbindd_cm.c Sun Sep 11 00:45:44 2005 @@ -1175,7 +1175,8 @@ /* if we are a DC and this is a trusted domain, then we need to use our domain name in the net_req_auth2() request */ - if ( IS_DC ) { + if ( IS_DC && !strequal(domain->name, lp_workgroup()) && + lp_allow_trusted_domains() ) { account_name = talloc_asprintf( mem_ctx, "%s$", lp_workgroup() ); } else { after that: # wbinfo -t checking the trust secret via RPC calls succeeded winbindd log: cm_get_ipc_userpass: No auth-user defined Serverzone is -14400 Using cleartext machine password cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER cred_session_key cred_create cli_net_auth2: srv:\\SERVER acct:SERVER$ sc:6 mc: SERVER neg: 400701ff cred_create cred_assert secret is good Thanks!
Yup. Looks right to me.