I'm running into a NT_STATUS_NO_LOGON_SERVERS while trying to authenticate using winbind. I've tried this using four machines, all of which worked under Samba3.0-Alpha23. wbinfo -u returns with a valid user list, the net ads testjoin works correctly. wbinfo -t fails as well as a manual attempt to authenticate using wbinfo -a. I've already sent my smb.conf and log.winbindd to Jeremy. This is pretty much a showstopper for our implementation. Thanks! Jared Ask Jeeves
Another useful bit of info...it DOES in fact attempt a connection to the correct domain controller...tons of smb signing errors in the winbind log.
What version of Kerberos are you using? You need one that supports a working RC4-HMAC implementation like MIT kerb5 1.3. I've tested locally with MIT Kerb5 1.3.1 and everything works correctly.
Created attachment 162 [details] Winbind log (Level 9), Wbinfo -t
Tried it with MIT Keberos 1.3.1, still no success.... Wbinfo -u still works however the wbinfo -t command still fails as well as authentication when trying to conenct to a share..... I've flushed my logs and created a clean winbindd log for the wbinfo -t command. Hopefully this helps... Thank you very much for your attention to this!
The log file shows signing errors. I'm pretty sure that this is going to turn out to be a local configuration issue. Are you sure that the resulting smbd is linked with the correct version of the MIT libs?
Jerry- I'm inclined to agree. I re-compiled the 3.0.0 version and am able to authenticate using winbind and the wbinfo -a command. Wbinfo -t works as well. However, now when a user tries to connect to the share i have set up, winbind still fails out with the NT_STATUS_NO_LOGON_SERVERS. Any ideas? Because I'm using RedHat 9, I can't out and out replace my kerberos with 1.3, rather i've compiled and installed it into /usr, and kept the red hat one in place under /usr/kerberos. As always, thanks for your assistance.
OK, i've gotten past the NO_LOGON_SERVERS issue...but the only way i can get this beast to work (authenticating inbound users using ADS) is to maintain user accounts on the host....it does check their password against the AD, but if there isn't already a matching username on the linux machine, it comes back and challenges over and over. This was not the behaviour in alpha23, which was the last working version i've used.
Jerry- After doing tons of comparision between my working install and the 3.0.0 version, I discovered that I was missing the libnss_winbind.so.2 and pam_winbind.so libraries! I'm not sure why they're not compiling on my system, but i was able to take them from the RPM and set up the links myself. It is now behaving as I expect it to! please close this one out! I realize that I may have already taken up too much of your time, and I really appreciate it! Thanks for your help on this issue!
w00t! configuration issues. Closing this one out. Thanks for letting me know.
database cleanup