[Samba] Half of visible AD user accounts have no info using wbinfo -i, logins fail

Rob Carlson rob at vees.net
Thu Oct 11 15:36:42 GMT 2007 

I have a Debian server linked to Active Directory for authentication 
using winbindd.  About a month after installation one of the users 
reported not being able to access a share on this machine.  The same 
user is able to use AD credentials to access all shares on a practically 
identical second server.  I couldn't swear that all config files are 
identical down to the line, but it is also using winbindd and Samba for 
file share access and was set up the same day as the non-working one.

Other users on the same machine are not having access issues.

>From that server I run the following command:

# for user in `wbinfo -u`; do wbinfo -i $user; done

I get a list of the 70-some usernames, about half of which are:

Could not get info for user NETWORKPUB\user1

and half of which come up with the correct info line of:

DOMAIN\user2:*:515:500:User Two:/home/DOMAIN/user2:/bin/false

On the working machine, this command returns all correct info lines.

I can't see any particular pattern to which usernames fail, but a number 
of them _may_ be recently added users.  A test user that I added this 
morning is one of the failures.

The Samba logs when the authentication fails look like this:

[2007/10/11 09:19:51, 3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
   NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[] 
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2007/10/11 09:19:51, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
   Got user=[user1] domain=[DOMAIN] workstation=[WS01] len1=24 len2=24
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(221)
   check_ntlm_password:  Checking password for unmapped user 
[DOMAIN]\[user1]@[WS01] with the new password interface
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(224)
   check_ntlm_password:  mapped user is: [DOMAIN]\[user1]@[WS01]
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:push_sec_ctx(208)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/uid.c:push_conn_ctx(353)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(241)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/10/11 09:19:58, 2] auth/auth.c:check_ntlm_password(319)
   check_ntlm_password:  Authentication for user [user1] -> [user1] FAILED 
with error NT_STATUS_NO_SUCH_USER
[2007/10/11 09:19:58, 3] smbd/error.c:error_packet(146)

I have restarted winbindd, samba, refreshed my Kerberos tickets, and 
rebooted the machine (in various combinations) to no avail.

Any advice would be greatly appreciated.

--
Rob Carlson  rob at vees.net  http://vees.net/

More information about the samba mailing list