AW: Winbind authenticatition of user accessing a share with encry
pted password.
Klein.Roman at Yamanouchi.de
Klein.Roman at Yamanouchi.de
Thu Jun 27 05:33:02 GMT 2002
Hi,
I have not installed samba until 2.2.5 now.
But there is a bug in the winbindd code which has been fixed by Mike Gerdts,
see attached e-mail.
I assumed that this patch, wich works for me on samba 2.2.4 solaris 2.6, has
been added to the 2.2.5 release.
Obviously not.
<<Re: Samba, winbind, solaris and your patch>>
Could you please give me feedback if this works for you an 2.2.5 also.
Best Regards
Roman
> -----Ursprüngliche Nachricht-----
> Von: Allan Nielsen [SMTP:ALLANN at dk.ibm.com]
> Gesendet am: Donnerstag, 27. Juni 2002 09:53
> An: Klein.Roman at Yamanouchi.de
> Betreff: Winbind authenticatition of user accessing a share with
> encrypted password.
>
> Hi
>
> In relation to your posted message I have exactly the same problem on
> samba
> 2.2.5.
> Flags used are --with-winbind --with-winbind-auth-challenge
> --with-acl-support.
> After including --with-winbind-auth-challenge it is possible to get
> authentication with encrypted passwords from wbinfo -a user%password but
> when accessing a share as this user he is mapped to nobody.
>
> Did you succeed to solve your problem?
>
> I'm using samba now for 6-7 years starting with samba 1.9.18.
>
> I have 6 machines running samba v2.0.7 under linux and solaris
> I have upgraded one of the solaris machines to samba 2.2.3a including
> acl-support and winbind.
>
> I live in a win2k forest, so my domain has a trust relationship with an
> other win2k domain.
> My domain controllers are in mixed mode.
>
> In order to get winbindd and nsswitch up and running I had to adjust the
> Makefile as follows:
>
> nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS)
> @echo "Linking $@"
> @$(SHLD) -h $@ -G -o $@ $(WINBIND_NSS_PICOBJS) $(LIBS)
>
> I added the $(LIBS) to the linker-line, without that I had errors when
> doing
> a 'ls -l' for a file which was owned by a DOMAIN+domuser account.
>
> Furthermore I had to copy the nsswitch/libnss_winbind.so as nss_winbind.so
> to /lib
> After configuring nsswitch.conf I can successfully do:
>
> wbinfo -u
> wbinfo -g
> getent passwd
> getent group
>
> From a NT4 or win2k-box I can modify acl an the samba-share as long as I
> use
> a useraccount which is not authenticated by winbind.
>
> when I use:
> wbinfo -a domain\\domuser%password (my winbind separator is '\')
>
> I'll get error:
>
> plaintext password authentication succeeded
> challenge/response password authentication failed
> Could not authenticate user domain\domuser%password with
> challenge/response
>
> Although encrypted passwords are enabled in smb.conf
>
> I can do a
>
> su - domain\\domuser%password
>
> on unix level
>
> When I do a smbclient //server/share -U domain\\domuser%password
>
> I'll get error:
>
> Domain=[DOMAIN] OS=[Unix] Server=[Samba 2.2.3a]
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> I can not connect to that server using a winbind authenticated useraccount
> from neither NT4sp6 nor win2ksp2.
>
> In any case I can see in the winbindd-log that the demon is enumerating
> SID's to GID's and UID's, but it states that the password are not
> encrypted.
>
> I was reading through the docs and mailings for the last two days, but I
> did
> not get the proper advice in how to get it up and running.
>
> Can anybody help
>
> Best Regards
>
> Roman
>
> Med venlig hilsen / With kind Regards
>
> Allan Nielsen
> Advisory IT-Specialist
>
> IBM Danmark A/S - Sortemosevej 21 - 3450 Allerød - Phone: 4523
> 9595 - Mobil: 23325107 - Fax: 4523 6803 - E-mail:
> allann at dk.ibm.com
>
-------------- next part --------------
An embedded message was scrubbed...
From: Michael.Gerdts at alcatel.com
Subject: Re: Samba, winbind, solaris and your patch
Date: Mon, 13 May 2002 19:59:46 +0200
Size: 4638
Url: http://lists.samba.org/archive/samba-technical/attachments/20020627/d26c1775/attachment.eml
More information about the samba-technical
mailing list