In 3.0.25rc wbinfo -t always returns checking the trust secret via RPC calls failed error code was NT_STATUS_INVALID_HANDLE (0xc0000008) checking squid logins via ntlm_auth fails. But downgrading to 3.0.24 solves the problem. I've got one Samba server on the network, as a PDC, and running winbindd on the same machine.
There was an old bug here. Apparently something regressed. Please attach a gzipped tarball of level 10 logs (i.e. log.{winbindd*,wb-*}) from winbindd.
Created attachment 2730 [details] Winbidd logs with 3.0.25a What I see from this that a "could not open handle to NETLOGON pipe" message. I used log level=10 winbind:15 in smb.conf The version string is from the Suse 10.2 spec file, but I compiled (made an rpm) Samba 3.0.25a without any patches, just the released tarball.
The same problem for me.
*** Bug 4740 has been marked as a duplicate of this bug. ***
not enough information in the log files. Need at least a level 10. I'll try to reproduce this locally.
Created attachment 2782 [details] don't mark the SAM domain on a DC as internal
I'm not sure the patch as described in the attachment above is really good. I applied and tested it, and found that winbindd takes about 35 seconds startup time until the wbinfo call is serviced. In contrast, the preliminary patch I proposed in bug 4740 (forcing the domain to external in cm_connect_netlogon() only) makes winbindd start servicing immediately.
(In reply to comment #7) > I'm not sure the patch as described in the attachment above is really good. I > applied and tested it, and found that winbindd takes about 35 seconds startup > time until the wbinfo call is serviced. In contrast, the preliminary patch I > proposed in bug 4740 (forcing the domain to external in cm_connect_netlogon() > only) makes winbindd start servicing immediately. I'll look into the delay but your proposed patch is changing the internal flag in the wrong place. Some domain should always be considered internal as they are handled by the winbindd_passdb.c methods.
Thanks, the patch makes winbindd working. There's a slight delay with the wbinfo -t command. The smbd logs when the delay occurs (about 10 secs, but somteimes 35 secs): [2007/07/03 00:06:51, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/07/03 00:06:51, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/07/03 00:06:51, 10] lib/util_pw.c:getpwnam_alloc(76) Got serv1$ from pwnam_cache [2007/07/03 00:06:51, 10] lib/util_pw.c:getpwnam_alloc(76) Got serv1$ from pwnam_cache [2007/07/03 00:06:51, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [serv1$] [2007/07/03 00:07:01, 5] passdb/lookup_sid.c:gid_to_sid(1354) gid_to_sid: winbind failed to find a sid for gid 515 [2007/07/03 00:07:01, 5] auth/auth_util.c:make_server_info_sam(623) make_server_info_sam: made server info for user serv1$ -> serv1$ But I have group 515 mapped, net groupmap list shows the mapping.
I did more testing, and the delay occurs in (altough not every time) every winbind request (wbinfo -u, -g, ntlm_auth).
Some more testing (by the users of a live system :) revealed that not just the winbindd authentication requests are delayed, but every request does (so browsing the server in Windows is a pain).
can you confirm that this issue is fixed in current samba versions for you also?