[Samba] Re: AD on 2003R2 NT_STATUS_NO_SUCH_USER

[Matt Anderson]

Jason Gerfen <jason.gerfen <at> scl.utah.edu> writes:

> 
> Have you tried to look at the user account information using ldapsearch? 
> Just to ensure the POSIX account data is present in AD.
> 
> If you are attempting to authenticate as a domain user try the username 
> as DOMAIN\Username.
> 

Hi Jason,

Thanks for the quick reply.  I haven't tried using ldapsearch, but I have used
the lsldap command to list the attributes for test01 (which includes the R2
rfc2307 schema):
aixplay1-root /opt/pware/bin > lsldap -a passwd test01 
dn: CN=test01,OU=MIS,OU=Temecula-CA,OU=People,DC=test,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test01
givenName: test01
distinguishedName: CN=test01,OU=MIS,OU=Temecula-CA,OU=People,DC=test,DC=local
instanceType: 4
whenCreated: 20080807000211.0Z
whenChanged: 20080808170937.0Z
displayName: test01
uSNCreated: 20660
uSNChanged: 32974
name: test01
objectGUID: |*[_B
Ud''
VQ
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 128626909010102324
lastLogoff: 0
lastLogon: 128629403833937446
pwdLastSet: 128626889779722918
primaryGroupID: 513
objectSid:
accountExpires: 9223372036854775807
logonCount: 28
sAMAccountName: test01
sAMAccountType: 805306368
userPrincipalName: test01 at test.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=local
dSCorePropagationData: 20080807001936.0Z
dSCorePropagationData: 20080807001936.0Z
dSCorePropagationData: 20080807001936.0Z
dSCorePropagationData: 20080807001150.0Z
dSCorePropagationData: 16010108151056.0Z
uid: test01
msSFU30Name: test01
msSFU30NisDomain: test
uidNumber: 50002
gidNumber: 1
unixHomeDirectory: /home/test01
loginShell: /usr/bin/ksh

And then regarding using the domain in the username (such as DOMAIN\user) -- I
have tried that on the Windows side, and that's what's failing.  However, if
you're referring the wbinfo tests, it's failing with the same
NT_STATUS_NO_SUCH_USER error:
aixplay1-root /opt/pware/bin > wbinfo -a TEST\test01%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user TESTtest01%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user TESTtest01 with challenge/response

I'm not sure why it's removing the '\' in the error message between the domain
and the username, but I also tried it with two backslashes, and a forward slash,
and they all failed.

What am I missing here?

Thanks again for your help,
Matt