[Samba] Re: wbinfo -a not working

Whit Blauvelt whit+samba at transpect.com
Sat Feb 16 20:25:13 GMT 2008 

Similar problem here, running Ubuntu Workstation 7.10 (so, also Debian). But
it looks like I'm failing a stop beyond you.

Works
  kinit
  wbinfo -u
  wbinfo -g 
  wbinfo -t

Fails - but note last line is a different result:
  wbinfo -a whit%<pass>

  plaintext password authentication failed
  error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
  error messsage was: No such user
  Could not authenticate user whit%<passwith plaintext password
  challenge/response password authentication succeeded

However, despite the "succeeded" message there, from another box I see:

  # smbclient //no3/ftp  -Uwhit%<pass                                                                                                      
  Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a]
  tree connect failed: NT_STATUS_ACCESS_DENIED

And from samba:

[2008/02/16 15:05:30, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [whit] -[whit] -[whit] succeeded
[2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
  Allowed connection from  (192.168.1.250)
[2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
  Allowed connection from  (192.168.1.250)
[2008/02/16 15:05:30, 2] smbd/service.c:make_connection_snum(616)
  user 'whit' (from session setup) not permitted to access this share (FTP)

Despite that in smb.conf there is:

[global]
  winbind separator = \
  ...
[FTP]
  valid users = ABC\whit
  ...

In looking around for docs, nothing is complete, nothing is well
cross-referenced with the rest, but this seems among the best:
http://wiki.samba.org/index.php/Samba_&_Active_Directory

I've found some old posts to this list about the BUILTIN stuff I ran into
above, but just the problem reports, no description of the solution - or
even if the errors there have anything to do with the subsequent failure to
recognize that, yes samba, user 'whit' has explicit permission in smb.conf.
It also fails with "winbind use default domain" which reportedly should mean
no need to specify as "ABC\whit" but just "whit" should do. 

I've tried both krb5 and heimdal, with identical results. Curiously I was
able to get it working just if my nsswitch.conf listed _only_ winbind for
passwd: and group: entries - although of course without "compat" or "files"
on that line local system users time out and the system becomes unusable
after a short. The remote login then went fine though, using AD. WTF?

Whit
 
On Sat, Feb 16, 2008 at 05:00:07PM +0100, Rutger Beyen wrote:
>  
> I'm trying to connect my Debian 4 samba box to my Windows 2003Server Active
> Directory.
> I successfully joined the domain, with net ads join. Wireshark captures a
> lot of packets going over the wire, and I get the message "joined the domain
> successfully". In my AD, under 'computers', the samba box appeared. So that
> all works.
> Asking a kerberos ticket for a user with kinit is also successful. So
> kerberos is working fine.
>  
> Wbinfo -u gives me all the users I have in my AD, and wbinfo -g does the
> same with all the groups. wbinfo -t also working fine.
> But when I try wbinfo -a rutger%rutger, I get 
>  
>         plaintext password authentication failed
>     error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>     error messsage was: No such user
>     Could not authenticate user rutger%rutger with plaintext password
>     challenge/response password authentication failed
>     error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>     error messsage was: No such user
>     Could not authenticate user rutger with challenge/response
>  
> Same result with wbinfo -K. It says the user does not exist, but it is there
> when I do a wbinfo -u.

More information about the samba mailing list