[Samba] winbind -t fails to check secret

Hi All,

I have just upgraded from Samba 3.0.7 to 3.0.20 on mandrake 10.1

Before upgrading I could add a machine account and admin (root) user to the password
backend, join to the domain and check the trust secret. All was well.

wbinfo -a name%password would authenticate, as I require for ntlm_auth with squid
(which was working well).

Now with the same layout, I do this :-

Add unix account for machine
nimfm$:x:401:400:Machine Account:/var/lib/samba/machines:/bin/false

add samba account with smbpasswd or pdbedit
pdbedit -m -a -u nimfm

Join the domain
[root@nimfm samba]# net rpc join PDC
Password:
Joined domain NIMFMNET.

[root@nimfm root]# wbinfo -t
checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret

Winbindd logs shows this when I do wbinfo -t
[2005/11/16 21:40:14, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(35)
[ 0]: check machine account

All password checks via smbclient to a service work as expected.


I have read untill my eyes blurr, checked nsswitch.conf for passwd and group winbind
settings, checked the pam_winbind.so bit are where they should be.

I have started from a clean slate (removing /var/cache/samba/*tdb and
/etc/samba/passwd.tdb and secrets.tdb ), numerous times but get to the same point.


Some funny things are happening with getent It seems that I get 2 lists of passwd or
group ie the users or groups appear twice, and no Domain Groups are listed in getent
group. ?


This is the pdbedit output for the machine account
[root@nimfm samba]# pdbedit -v nimfm$
Unix username: nimfm$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-3407367817-49127962-788306835-1802
Primary Group SID: S-1-5-21-3407367817-49127962-788306835-515
Full Name: Machine Account
Home Directory: \\nimfm\nimfm_\profile
HomeDir Drive:
Logon Script:
Profile Path: \\nimfm\Profiles\nimfm_
Domain: NIMFMNET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Wed, 16 Nov 2005 21:03:26 GMT
Password can change: Wed, 16 Nov 2005 21:03:26 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


And for the auth_user account
[root@nimfm samba]# pdbedit -v root
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3407367817-49127962-788306835-1000
Primary Group SID: S-1-5-21-3407367817-49127962-788306835-1001
Full Name: root
Home Directory: \\nimfm\root\profile
HomeDir Drive:
Logon Script:
Profile Path: \\nimfm\Profiles\root
Domain: NIMFMNET
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Wed, 16 Nov 2005 19:13:52 GMT
Password can change: Wed, 16 Nov 2005 19:13:52 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


[root@nimfm samba]# smbclient -L //NIMFM -Uroot
Password:
Domain=[NIMFMNET] OS=[Unix] Server=[Samba 3.0.20]

Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Service
Profiles Disk
IPC$ IPC IPC Service (Samba Server 3.0.20)
ADMIN$ IPC IPC Service (Samba Server 3.0.20)
root Disk Home Directories
Domain=[NIMFMNET] OS=[Unix] Server=[Samba 3.0.20]

Server Comment
--------- -------
NIMFM Samba Server 3.0.20

Workgroup Master
--------- -------
NIMFMNET NIMFM








--
Regards
Greg Matheson
Systems Admin NWT Pty Ltd

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba