[Samba] Winbind - Why won't you authenticate???

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Wed Feb 13 15:03:41 GMT 2002


DAMN -your're right; I was working on an older version of the code on a
system that was NOT my cvs system, and it wasn't ifdef'ed out...
Makes sense now.
I think it's kinda wierd that he commented out the AUTH_CRAP (which is the
encrypted one) and left in the AUTH,
which handles the plaintext version...
Ok;  so at this point wbinfo -a is not a useful test for whether you can get
your domain users authenticated.
 
Daniel, try the following instead to see if winbindd is actually working for
you - 
 
smbclient //servername/sharename -Ujwad+dantest
 
password: whatever....
 
And then use smbstatus to verify that you got attached to that share with
the appropriate domain/username...
 
Let me know.
That'll teach me to work on somebody elses source machine just because it's
10 times faster than my cvs system... ;->
 
Don

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Wednesday, February 13, 2002 5:21 PM
To: 'MCCALL,DON (HP-USA,ex1)'; 'samba-technical at lists.samba.org'
Subject: RE: [Samba] Winbind - Why won't you authenticate???



The interface and the code for that function appears to have been ifdef-ed
out with a test of "ALLOW_WINBIND_AUTH_CRAP", which I can't find defined
anywhere. Here's the latest CVS log entry for winbindd_pam.c:

---------------------------- 
revision 1.4.4.7 
date: 2002/02/02 00:54:30;  author: jra;  state: Exp;  lines: +2 -0 
Comment out AUTH_CRAP by default as a security measure. 
Jeremy. 
---------------------------- 

Maybe the call needs to be removed from wbinfo.c: 

nsswitch/wbinfo.c, line 365: 
static BOOL wbinfo_auth_crap(char *username) 

That, or perhaps this is a half-added configuration option. 

-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Wednesday, February 13, 2002 4:02 PM 
To: 'samba-technical at lists.samba.org' 
Subject: FW: [Samba] Winbind - Why won't you authenticate??? 




-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) 
Sent: Wednesday, February 13, 2002 4:58 PM 
To: 'Thomas, Daniel J.'; MCCALL,DON (HP-USA,ex1) 
Cc: Wieprecht, Karen M. 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Hi Daniel, 
No, it SHOULD'nt be necessary. 
Can you send me your Makefile? 
also do an nm on nsswitch/winbindd_pam.o  and grep for auth; 
see if winbindd_pam_auth_crap shows up there - thats the module 
that actually contains the code.. 
Thanks, 
Don 

PS:  Samba-Technical; does this ring any bells with anyone? 

-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Wednesday, February 13, 2002 4:47 PM 
To: 'MCCALL,DON (HP-USA,ex1)' 
Cc: Wieprecht, Karen M. 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


I hadn't tried to use pam for winbind.  It was my impression from the 
documentation on winbind that although it *can* use pam, it isn't required. 
Do you think this is the problem?  Should I install PAM on my server and 
then recompile samba with --with-pam? 
-Dan 



-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Wednesday, February 13, 2002 4:43 PM 
To: 'Thomas, Daniel J.'; MCCALL,DON (HP-USA,ex1); 
'samba at lists.samba.org' 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Hi Daniel, 
Well, that nails it - take a look at the nm output from my winbindd: 

# nm ../bin/winbindd|grep auth 
authorise_login     |    668456|extern|code   |$CODE$ 
become_authenticated_pipe_user|    679768|extern|code   |$CODE$ 
cli_net_auth2       |    687676|extern|code   |$CODE$ 
init_q_auth_2       |    469520|extern|code   |$CODE$ 
init_rpc_auth_ntlmssp_chal|    505008|extern|code   |$CODE$ 
init_rpc_auth_ntlmssp_chk|    507856|extern|code   |$CODE$ 
init_rpc_auth_ntlmssp_neg|    504188|extern|code   |$CODE$ 
init_rpc_auth_ntlmssp_resp|    505372|extern|code   |$CODE$ 
init_rpc_auth_verifier|    503964|extern|code   |$CODE$ 
init_rpc_hdr_auth   |    503592|extern|code   |$CODE$ 
init_rpc_hdr_autha  |    503208|extern|code   |$CODE$ 
lp_lanman_auth      |    102056|extern|code   |$CODE$ 
net_io_q_auth       |    469160|extern|code   |$CODE$ 
net_io_q_auth_2     |    469772|extern|code   |$CODE$ 
net_io_r_auth       |    469352|extern|code   |$CODE$ 
net_io_r_auth_2     |    470000|extern|code   |$CODE$ 
new_cli_net_auth2   |    430004|extern|code   |$CODE$ 
rpc_auth_ntlmssp_chk|    507596|extern|code   |$CODE$ 
rpc_auth_pipe       |    436536|static|entry  |$CODE$ 
rpc_auth_verifier_chk|    503896|extern|code   |$CODE$ 
rpc_hdr_auth_chk    |    503560|extern|code   |$CODE$ 
rpc_send_auth_reply |    444416|static|entry  |$CODE$ 
smb_io_rpc_auth_ntlmssp_chal|    505084|extern|code   |$CODE$ 

smb_io_rpc_auth_ntlmssp_chk|    507876|extern|code   |$CODE$ 
smb_io_rpc_auth_ntlmssp_neg|    504328|extern|code   |$CODE$ 
smb_io_rpc_auth_ntlmssp_resp|    506012|extern|code   |$CODE$ 
smb_io_rpc_auth_verifier|    504012|extern|code   |$CODE$ 
smb_io_rpc_hdr_auth |    503620|extern|code   |$CODE$ 
smb_io_rpc_hdr_autha|    503256|extern|code   |$CODE$ 
unbecome_authenticated_pipe_user|    679852|extern|code   |$CODE$ 
winbindd_pam_auth   |     56056|extern|entry  | 
winbindd_pam_auth   |     56056|extern|code   |$CODE$ 
winbindd_pam_auth_crap|     56252|extern|code   |$CODE$ 
winbindd_pam_auth_crap|     56252|extern|entry  | 
winbindd_pam_chauthtok|     56744|extern|entry  | 
winbindd_pam_chauthtok|     56744|extern|code   |$CODE$ 
# 

^^^^^^^^^^^^^^^^specifically that I DO have entries not only for 
winbindd_pam_auth, 
but also for winbindd_pam_auth_crap - which you are missing, and therefore 
when 
wbinfo requests this function, winbindd fails when looking up the pointer to

the 
function (null)... 

I have NO immediate idea why this might be.  As I said, I would recommend 
doing a make clean, removing config.cache, and re-running configure 
--with-winbind --with-pam 
and doing a make again. 
I don't have a sun system to try this on presently... 

Let me know, 
Don 



-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Wednesday, February 13, 2002 4:33 PM 
To: 'MCCALL,DON (HP-USA,ex1)'; Thomas, Daniel J. 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Don, 
I've inserted my results inline below.  Also, this isn't really pertinent to

your previous message, but I thought you might want to know that our JWAD 
server are all Windows NT 4.0 SP6a, and only the workstations are Windows 
2K.  The bigger domain, JHUAPL, is also a Windows NT domain, but will soon 
be migrated to a Windows 2000 domain.  That may be something I need to keep 
in mind for the future, however this case we are working on is a test 
subject for me so I can apply this concept on our other private LAN which I 
have full control over and is currently Windows NT with no plans on going to

Win2k domain at the present.  This domain also has Win2k Pro workstations 
though. 

-Dan 

-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Wednesday, February 13, 2002 4:16 PM 
To: 'Thomas, Daniel J.'; MCCALL,DON (HP-USA,ex1) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 



Hi Thomas, 
this would be your issue, I'm guessing: 
[2002/02/13 14:21:05, 10] nsswitch/winbindd.c:(378) 
  process_request: unknown request fn number 12 
[2002/02/13 14:21:05, 10] nsswitch/winbindd.c:(531) 
  client_write: wrote 1300 bytes. 
[2002/02/13 14:21:05, 10] nsswitch/winbindd.c:(483) 
  client_read: read 0 bytes. Need 1044 more for a full request. 
[2002/02/13 14:21:05, 5] nsswitch/winbindd.c:(490) 
  read failed on sock 12, pid 1623: EOF 

WHAT SHOULD BE HAPPENING here is the following: 

[2002/02/13 11:34:46, 10] nsswitch/winbindd.c:(369) 
  process_request: request fn AUTH_CRAP 
[2002/02/13 11:34:46, 3] nsswitch/winbindd_pam.c:(92) 
  [25106]: pam auth crap wt1/administrator 

(of course, with YOUR domain and username specified instead 
of mine (wt1/administrator). 

What is highly unusual is that process_request is reporting an unknown 
request for fn 12 (which is what AUTH_CRAP  ie  WINBINDD_PAM_AUTH_CRAP 
evaluates to).  it SHOULD have found this function in the dispatch_table... 
SOOOOO - what's going on? 
It LOOKS like the pointer to the winbindd_pam_auth_crap routine is null! 

if you have 'nm' on your system, 
do and 
nm winbindd|grep auth 

Results: 

adams{root}19: nm winbindd|grep auth 
[2940]  |    815960|    2476|FUNC |GLOB |0    |11     |authorise_login 
[2803]  |    828500|      60|FUNC |GLOB |0    |11 
|become_authenticated_pipe_user 
[2517]  |    836548|     728|FUNC |GLOB |0    |11     |cli_net_auth2 
[1415]  |    614724|     268|FUNC |GLOB |0    |11     |init_q_auth_2 
[2753]  |    650796|      52|FUNC |GLOB |0    |11 
|init_rpc_auth_ntlmssp_chal 
[1889]  |    653716|      20|FUNC |GLOB |0    |11 
|init_rpc_auth_ntlmssp_chk 
[2667]  |    649992|     100|FUNC |GLOB |0    |11 
|init_rpc_auth_ntlmssp_neg 
[1673]  |    651128|     616|FUNC |GLOB |0    |11 
|init_rpc_auth_ntlmssp_resp 
[2697]  |    649780|      32|FUNC |GLOB |0    |11 
|init_rpc_auth_verifier 
[1725]  |    649412|      36|FUNC |GLOB |0    |11     |init_rpc_hdr_auth 
[1386]  |    648956|      84|FUNC |GLOB |0    |11     |init_rpc_hdr_autha 
[1706]  |    250824|      12|FUNC |GLOB |0    |11     |lp_lanman_auth 
[3278]  |    614372|     184|FUNC |GLOB |0    |11     |net_io_q_auth 
[1154]  |    614992|     216|FUNC |GLOB |0    |11     |net_io_q_auth_2 
[1379]  |    614556|     168|FUNC |GLOB |0    |11     |net_io_r_auth 
[1352]  |    615208|     200|FUNC |GLOB |0    |11     |net_io_r_auth_2 
[1607]  |    575180|     532|FUNC |GLOB |0    |11     |new_cli_net_auth2 
[462]   |    955456|     132|OBJT |LOCL |0    |22     |nt_authority_users 
[3241]  |    653440|     276|FUNC |GLOB |0    |11     |rpc_auth_ntlmssp_chk 
[725]   |    581132|    1448|FUNC |LOCL |0    |11     |rpc_auth_pipe 
[2856]  |    649720|      60|FUNC |GLOB |0    |11     |rpc_auth_verifier_chk

[1622]  |    649360|      52|FUNC |GLOB |0    |11     |rpc_hdr_auth_chk 
[733]   |    590224|    1020|FUNC |LOCL |0    |11     |rpc_send_auth_reply 
[1157]  |    650848|     264|FUNC |GLOB |0    |11 
|smb_io_rpc_auth_ntlmssp_chal 
[2669]  |    653736|     236|FUNC |GLOB |0    |11 
|smb_io_rpc_auth_ntlmssp_chk 
[1118]  |    650108|     688|FUNC |GLOB |0    |11 
|smb_io_rpc_auth_ntlmssp_neg 
[2401]  |    651744|    1696|FUNC |GLOB |0    |11 
|smb_io_rpc_auth_ntlmssp_resp 
[1244]  |    649812|     164|FUNC |GLOB |0    |11 
|smb_io_rpc_auth_verifier 
[1591]  |    649448|     272|FUNC |GLOB |0    |11     |smb_io_rpc_hdr_auth 
[2752]  |    649040|     320|FUNC |GLOB |0    |11     |smb_io_rpc_hdr_autha 
[2933]  |    828576|      12|FUNC |GLOB |0    |11 
|unbecome_authenticated_pipe_user 
[2635]  |    203828|     208|FUNC |GLOB |0    |11     |winbindd_pam_auth 
[940]   |    204036|     172|FUNC |GLOB |0    |11 
|winbindd_pam_chauthtok 


and 
nm wbinfo|grep auth 

Results: 

adams{root}20: nm wbinfo|grep auth 
[864]   |    126880|      12|FUNC |GLOB |0    |11     |lp_lanman_auth 
[365]   |    413492|     132|OBJT |LOCL |0    |22     |nt_authority_users 
[56]    |    113376|     244|FUNC |LOCL |0    |11     |wbinfo_auth 
[57]    |    113636|     304|FUNC |LOCL |0    |11     |wbinfo_auth_crap 
[60]    |    114276|     184|FUNC |LOCL |0    |11     |wbinfo_set_auth_user 

and let me know the results, ok? 

Also if you can send the config.log and the exact command line you used to 
do a configure when 
you built samba, that would help as well;  you might want to (while I look 
at this), do a make clean 
rm config.cache, and run configure again - configure --with-pam 
--with-winbindd  
and see if it doesnt work better for you - maybe you didn't clean out your 
config.cache, and it screwed 
you up... 

Don 

Don 


-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Wednesday, February 13, 2002 2:32 PM 
To: 'MCCALL,DON (HP-USA,ex1)' 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


OK, 
Set up log level 10 and recreated the log files.  I just ran this: 

adams{root}26: ./wbinfo -a JWAD+dantest%password 
plaintext password authentication succeeded 
challenge/response password authentication failed 
Could not authenticate user JWAD+dantest%password with challenge/response 

Also, it looks like I'm getting a complete domain listing now from both 
domains with wbinfo -u. 
I think it might be because I added a wins server address.  the command does

keep winbind bussy for a minute of two to list all the users =) 
-Dan 


-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Wednesday, February 13, 2002 1:01 PM 
To: 'Thomas, Daniel J.'; MCCALL,DON (HP-USA,ex1); Samba (E-mail) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 



Hi Thomas, 
The message from pdb_smbpasswd.c is saying that it can't find the smbpasswd 
file; 
this is normal if you are doing domain level authentication, and have not 
created/populated 
an smbpasswd file - if the domain authentication doesn't work, samba trys to

authenticate 
you locally to the smbpasswd file.  So this isn't the issue, I believe. 

It looks to me as if your win2k dc has disabled support for NTLM v1 
challenge response authentication. 
Check you domain controller security policy under security settings/local 
policies/ 
security options and see what the value of : 
Lan Manager Authentication Level  
says.... 

Also, If you would like, stop winbindd,remove the log.winbindd file, 
 set your log level in smb.conf to 10, and 
start winbind, then do your wbinfo -a... command, and send me the 
log.winbindd; perhaps I 
can see what is happening from a full debug log. 
Thanks, 
Don 
-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Wednesday, February 13, 2002 12:29 PM 
To: 'MCCALL,DON (HP-USA,ex1)'; Thomas, Daniel J.; Samba (E-mail) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Another thing I noticed.  I looked at the log file in samba/var and found 
the log for my machine was filled with this: 

[2002/02/13 12:23:19, 0] passdb/pdb_smbpasswd.c:(1367) 
  unable to open passdb database. 


Where is the pdb_smbpassd.c file and why would there be a problem opening 
it? 
-Dan 

-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Tuesday, February 12, 2002 5:24 PM 
To: 'Thomas, Daniel J.'; MCCALL,DON (HP-USA,ex1); Samba (E-mail) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Hi Daniel, 
I see a couple of things that are suspicious. 
Take a look at my output, from a winbindd system that is a member of the WT1


domain, and the WT1 domain has a trust to the atl-wtec domain  NOTE that my 
winbind separator is +  (as your's appears to be in your smb.conf file): 

# ./wbinfo -u 
ATL-WTEC+Administrator 
ATL-WTEC+atlwtec1 
ATL-WTEC+ddmc 
ATL-WTEC+Guest 
ATL-WTEC+IUSR_ALBERTE 
WT1+Administrator 
WT1+ddmc 
WT1+Guest 
WT1+IUSR_CERES 
WT1+IWAM_CERES 
WT1+krbtgt 
WT1+test 
WT1+test1 
WT1+test2 
WT1+test3 
WT1+test4 
WT1+test5 
# ./wbinfo -m 
ATL-WTEC 
# 

NOTE it shows the users in the ATL-WTEC domain as well as my home domain 
(this may be because 
I have a 2 way trust between the domains); but NOTE also, that the wbinfo 
output SHOWS my 
users with the "+" separator, which matches what I have in my smb.conf file 
- YOURS DOES NOT: 
it shows the separator being used as "\"... 
You might try verifying your smb.conf file 'winbind separator' by running 
testparm|grep winbind 
and if it DOES say +, then stop winbindd, restart it, and do your wbinfo -u 
again.  Verify that 
it is using the "+", and if so, then try your wbinfo -a command again (with 
the + sign)... 

That's all I have for now... 
don 

-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Tuesday, February 12, 2002 5:03 PM 
To: 'MCCALL,DON (HP-USA,ex1)'; Thomas, Daniel J.; Samba (E-mail) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Below is the beginning of the output which I just pasted into this e-mail. 
You'll find the error on the bottom.  Also at the bottom is a copy of the 
smb.conf file.  It this all correct? 
Thanks, 
-Dan 



adams{root}5: ./wbinfo 
Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm | -aA user%pas 
        -u                      lists all domain users 
        -g                      lists all domain groups 
        -h name                 converts NetBIOS hostname to IP 
        -i ip                   converts IP address to NetBIOS name 
        -n name                 converts name to sid 
        -s sid                  converts sid to name 
        -U uid                  converts uid to sid 
        -G gid                  converts gid to sid 
        -S sid                  converts sid to uid 
        -Y sid                  converts sid to gid 
        -t                      check shared secret 
        -m                      list trusted domains 
        -r user                 get user groups 
        -a user%password        authenticate user 
        -A user%password        store session setup auth password 
adams{root}6: ./wbinfo -u 
adams{root}11: ./wbinfo 
Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm | -aA user%pas 
        -u                      lists all domain users 
        -g                      lists all domain groups 
        -h name                 converts NetBIOS hostname to IP 
        -i ip                   converts IP address to NetBIOS name 
        -n name                 converts name to sid 
        -s sid                  converts sid to name 
        -U uid                  converts uid to sid 
        -G gid                  converts gid to sid 
        -S sid                  converts sid to uid 
        -Y sid                  converts sid to gid 
        -t                      check shared secret 
        -m                      list trusted domains 
        -r user                 get user groups 
        -a user%password        authenticate user 
        -A user%password        store session setup auth password 
adams{root}12: ./wbinfo -u 
JWAD\Administrator 
JWAD\dantest 
JWAD\Guest 
JWAD\guestuser 
JWAD\Nelsojb1 
JWAD\repladmin 
JWAD\shaffjl1 
JWAD\SMS&_JWAD-DC1 
JWAD\SMSCliToknAcct& 
JWAD\SQLAgentCmdExec 
JWAD\SQLExecutiveCmdExec 
JWAD\SQLServerService 
JWAD\vashodp1 
JWAD\Volga 
JWAD\WestRL1 
adams{root}13: ./wbinfo -g 
JWAD\Domain Admins 
JWAD\Domain Guests 
JWAD\Domain Users 
JWAD\MTS Trusted Impersonators 
JWAD\SMSInternalCliGrp 
adams{root}14: ./wbinfo -m 
JHUAPL 
adams{root}15: ./wbinfo -a JWAD+dantest%password 
plaintext password authentication failed 
Could not authenticate user JWAD+dantest%password with plaintext password 
challenge/response password authentication failed 
Could not authenticate user JWAD+dantest%password with challenge/response 







SMB Conf file: 
# Samba config file created using SWAT 
# from thomaDJ1.jhuapl.edu (128.244.11.37) 
# Date: 2002/02/12 16:11:14 

# Global parameters 
[global] 
        workgroup = JWAD 
        netbios name = ADAMS 
        server string = adams samba 
        security = DOMAIN 
        encrypt passwords = Yes 
        null passwords = Yes 
        password server = * 
        log file = /usr/local/samba/var/log.%m 
        max log size = 50 
        large readwrite = Yes 
        load printers = No 
        os level = 0 
        preferred master = False 
        local master = No 
        domain master = False 
        dns proxy = No 
        valid chars = - _ 
        winbind uid = 10000-20000 
        winbind gid = 10000-20000 
        template homedir = /apps/users/%U 
        winbind separator = + 
        hosts allow = 128.244.11. 
        strict locking = Yes 

[homes] 
        comment = Home Directories 
        read only = No 
        browseable = No 

[printers] 
        comment = All Printers 
        path = /usr/spool/samba 
        printable = Yes 
        browseable = No 

[temp] 
        path = /apps/temp 
        write list = jhuapl+wieprkm1 jhuapl+thomadj1 jwad+administrator 
jwad+dantest 




-----Original Message----- 
From: MCCALL,DON (HP-USA,ex1) [ mailto:don_mccall at hp.com
<mailto:don_mccall at hp.com> ] 
Sent: Tuesday, February 12, 2002 3:32 PM 
To: 'Thomas, Daniel J.'; Samba (E-mail) 
Subject: RE: [Samba] Winbind - Why won't you authenticate??? 


Hi Daniel, 
that should work - but I notice that you are using "\" for the winbindd 
separator - some unix'es will swallow this character as an 'escape' 
character;  for instance on HPUX  you can see: 

# ./wbinfo -a atl-wtec\atlwtec1%atlwtec1 
Could not authenticate user atl-wtecatlwtec1%atlwtec1 with plaintext 
password 
Could not authenticate user atl-wtecatlwtec1%atlwtec1 with 
challenge/response 

NOTE in the above that the response does NOT display the "\" inbetween the 
domain 
and the username. 

Is this happening to you? 
Don 


-----Original Message----- 
From: Thomas, Daniel J. [ mailto:Daniel.Thomas at jhuapl.edu
<mailto:Daniel.Thomas at jhuapl.edu> ] 
Sent: Tuesday, February 12, 2002 3:09 PM 
To: Samba (E-mail) 
Subject: [Samba] Winbind - Why won't you authenticate??? 


Well, I managed to get Samba 2.2.3 up and running on our Solaris 8 machine. 
I installed with the winbind option and everything went though just find.  
I was able to join the NT domain and now I can do a wbinfo -u  "and get a 
domain user list as well as a "wbinfo -g and get a group list.  For some 
reason though, the authentication isn't working. 

I tried to "wbinfo -a" and used a number of possible names.  The samba 
server is on an NT domain called "jwad" and it has a trust relationship with

"jhuapl".  My user account is on jhuapl, and I want to get authenticated. 
When I try the wbinfo -a jhuapl\thomadj1%PASSWORD it returns fail signals on

both clear text and challange/reponse methods.  From what I see though, it 
doesn't even appear to be trying to talk to the domain controller, because 
the Reponses are given way to quick for any real network activity to have 
taken place. 

Please lend some advice if you have any.  I can probably get sample output 
if needed. 
-Dan 

Daniel J. Thomas 
Systems Administrator 
Johns Hopkins University 
Applied Physics Laboratory 
Laurel, MD 

Balt:    (443) 778-7924 
Wash:  (240) 228-7924 


"Always avoid a bad file copy... 
You can never know when your replication proceeds you." 
                               -Anonymous Author 




-- 
To unsubscribe from this list go to the following URL and read the 
instructions:  http://lists.samba.org/mailman/listinfo/samba
<http://lists.samba.org/mailman/listinfo/samba>  

-- 
To unsubscribe from this list go to the following URL and read the 
instructions:  http://lists.samba.org/mailman/listinfo/samba
<http://lists.samba.org/mailman/listinfo/samba>  

-- 
To unsubscribe from this list go to the following URL and read the 
instructions:  http://lists.samba.org/mailman/listinfo/samba
<http://lists.samba.org/mailman/listinfo/samba>  

-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba-technical mailing list