need help for winbind PLEASE
Brunet Eric
eric_brunet at ifrance.com
Wed Dec 12 09:23:02 GMT 2001
hello,
I have some problems to authentificate domain users on a samba server
(2.2.2, member of same domain).
i read all samba docs and browsed many archives, i didn't see the case
of samba PDC with samba member, it's always samba member with NT4 or
WIN2000 PDC.
So my first question is: is it possible???
my situation is following:
-samba PDC(v2.2.2) work fine with all windows clients
-samba member(v2.2.2) it seems correctly configured:
-in smb.conf: security = domain, winbind parameters .....)
-pam : add pam_winbind.so in different files of /etc/pam.d
About winbindd:
#wbinfo -t
Secret is good
#wbinfo -u
...
OFFICE+foo
...
notice: foo is an account of my domain OFFICE
# wbinfo -g
OFFICE+Domain Admins
OFFICE+Domain Users
# wbinfo -r OFFICE+ericb
10003
ok all seems to wrok
BUT:
# wbinfo -a OFFICE+foo%xxxxx
plaintext password authentication succeeded
""""""""""
challenge/response password authentication failed
""""""
Could not authenticate user OFFICE+foo%xxxxx with challenge/response
Notice: of course there aren't account system "foo" in the samba member
machine
So why plaintext authentification rocks only??? is it normal????
#wbinfo -m
#
->no response????? it might display OFFICE domain
i give you the log of winbind(with debug option to 3) when i tried to
connect at a share directory in the member machine with:
#smbclient //member/test -U foo -W OFFICE
the log:
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104)
[13630]: getpwnam OFFICE+FOO
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:domain_handles_open(187)
checking domain handles for domain OFFICE
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(33)
server: dc=MAISON, pwdb_init=1, lsa_hnd=1
[2001/12/12 19:09:49, 3] nsswitch/winbindd_util.c:debug_conn_state(39)
OFFICE: dc=MAISON, got_sid=1, sam_hnd=1 sam_dom_hnd=1
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_cache.c:get_cache_sequence_number(112)
CACHESEQ OFFICE/USR/FOO is 1008173647
[2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84)
seq 1008173647 for OFFICE has expired
"""""""""""""""""""
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_cache.c:cached_sequence_number(67)
cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(104)
[13630]: getpwnam office+foo
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_cache.c:get_cache_sequence_number(112)
CACHESEQ OFFICE/USR/ericb is 1008173647
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_cache.c:cached_sequence_number(67)
cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:49, 3] nsswitch/winbindd_cache.c:cache_domain_expired(84)
seq 1008173647 for OFFICE has expired
"""""""""""""""""""""
[2001/12/12 19:09:49, 3]
nsswitch/winbindd_cache.c:cached_sequence_number(67)
cached sequence number for OFFICE is 1008176371
[2001/12/12 19:09:50, 3] nsswitch/winbindd_group.c:winbindd_getgroups(908)
[13630]: getgroups office+foo
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(187)
[13630]: uid to sid 10000
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224)
[13630]: gid to sid 10000
[2001/12/12 19:09:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(224)
[13630]: gid to sid 10003
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_setgrent(396)
[13634]: setgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567)
[13634]: getgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_getgrent(567)
[13634]: getgrent
[2001/12/12 19:10:00, 3] nsswitch/winbindd_group.c:winbindd_endgrent(449)
[13634]: endgrent
[2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:establish_connections(350)
establishing connections
[2001/12/12 19:10:30, 3] nsswitch/winbindd_util.c:debug_conn_state(33)
server: dc=MAISON, pwdb_init=1, lsa_hnd=1
notice: MAISON is the domain controller.
-the log for the client which execute the smbclient:
[2001/12/12 17:30:05, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411)
cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2001/12/12 17:30:05, 0] smbd/password.c:domain_client_validate(1608)
domain_client_validate: unable to validate password for user FOO in
domain OFFICE to Domain controller MAISON. Error was
NT_STATUS_WRONG_PASSWORD.
big thx for your help :)
More information about the samba-ntdom
mailing list