need help for winbind PLEASE

Brunet Eric eric_brunet at ifrance.com
Wed Dec 12 09:23:02 GMT 2001 

hello,

I have some problems to authentificate domain users on a samba server 
(2.2.2, member of same domain).
i read all samba docs and browsed many archives, i didn't see the case 
of samba PDC with samba member, it's always samba member with NT4 or 
WIN2000 PDC.
So my first question is: is it possible???

my situation is following:
-samba PDC(v2.2.2) work fine with all windows clients
-samba member(v2.2.2) it seems correctly configured:
-in smb.conf: security = domain, winbind parameters .....)
-pam : add pam_winbind.so in different files of /etc/pam.d

About winbindd:
#wbinfo -t
Secret is good
#wbinfo -u
...
OFFICE+foo
...
notice: foo is an account of my domain OFFICE
# wbinfo -g
OFFICE+Domain Admins
OFFICE+Domain Users

# wbinfo -r OFFICE+ericb
10003
ok all seems to wrok
BUT:
# wbinfo -a OFFICE+foo%xxxxx
plaintext password authentication succeeded
                                                        """"""""""
challenge/response password authentication failed
                                                                        
""""""
Could not authenticate user OFFICE+foo%xxxxx with challenge/response
Notice: of course there aren't account system "foo" in the samba member 
machine
So why plaintext authentification rocks only??? is it normal????

#wbinfo -m
#
->no response????? it might display OFFICE domain

i give you the log of winbind(with debug option  to 3) when i tried to 
connect at a share directory in the member machine with:
#smbclient //member/test -U foo -W OFFICE
 
the log:
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104)
  [13630]: getpwnam OFFICE+FOO
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:domain_handles_open(187)
  checking domain handles for domain OFFICE
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(33)
  server: dc=MAISON, pwdb_init=1, lsa_hnd=1
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(39)
  OFFICE: dc=MAISON, got_sid=1, sam_hnd=1 sam_dom_hnd=1
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_cache.c:get_cache_sequence_number(112)
  CACHESEQ OFFICE/USR/FOO is 1008173647
[2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84)
  seq 1008173647 for OFFICE has expired
                                    """""""""""""""""""
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_cache.c:cached_sequence_number(67)
  cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104)
  [13630]: getpwnam office+foo
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_cache.c:get_cache_sequence_number(112)
  CACHESEQ OFFICE/USR/ericb is 1008173647
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_cache.c:cached_sequence_number(67)
  cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84)
  seq 1008173647 for OFFICE has expired
                                 """""""""""""""""""""
[2001/12/12 19:09:49, 3] 
nsswitch/winbindd_cache.c:cached_sequence_number(67)
  cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:50, 3] nsswitch/winbindd_group.c:winbindd_getgroups(908)
  [13630]: getgroups office+foo
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(187)
  [13630]: uid to sid 10000
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224)
  [13630]: gid to sid 10000
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224)
  [13630]: gid to sid 10003
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_setgrent(396)
  [13634]: setgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567)
  [13634]: getgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567)
  [13634]: getgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_endgrent(449)
  [13634]: endgrent
[2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:establish_connections(350)
  establishing connections
[2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:debug_conn_state(33)
  server: dc=MAISON, pwdb_init=1, lsa_hnd=1

notice: MAISON is the domain controller.

-the log for the client which execute the smbclient:

[2001/12/12 17:30:05, 0] 
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2001/12/12 17:30:05, 0] smbd/password.c:domain_client_validate(1608)
  domain_client_validate: unable to validate password for user FOO in 
domain OFFICE to Domain controller MAISON. Error was 
NT_STATUS_WRONG_PASSWORD.



big thx for your help :)

More information about the samba-ntdom mailing list