winbind authentication
Noel Kelly
nkelly at tarsus.co.uk
Sun May 12 04:42:01 GMT 2002
Downloaded 2.2.4 yesterday and it without your patch it works for me:
[noel at belly noel]$ wbinfo -a uk+nkelly%password
plaintext password authentication succeeded
error code was NT_STATUS_OK (0x0)
challenge/response password authentication succeeded
error code was NT_STATUS_OK (0x0)
[noel at belly noel]$
[noel at belly noel]$ wbinfo -a uk+nkelly%wrongpassword
plaintext password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
Could not authenticate user uk+nkelly%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
Could not authenticate user uk+nkelly with challenge/response
[noel at belly noel]$
Noel
-----Original Message-----
From: Hasch at t-online.de [mailto:Hasch at t-online.de]
Sent: 12 May 2002 09:27
To: samba-technical at lists.samba.org
Cc: Andrew Bartlett
Subject: winbind authentication
Hi,
this problem applies to 2.2.4 and partly to head, too.
I need to set a username when connecting to a Win2K server using winbind.
The documentiation states "wbinfo -A user%password" would do the trick.
However this doesn't work. For wbinfo in 2.2.4:
- the "-A" option is documented, but isn't working.
(--set-auth-user is the actual name of the command but this is
undocumented)
- secrets_init() isn't called so secrets.tdb isn't open.
- the username variable instead of user is stored (which is user%password
instead of user alone)
The patch below makes it work for me. In head the same patch can be applied,
with the exception of secrets_init() not being needed.
...Juergen
--- nsswitch/wbinfo.orig Fri May 3 03:03:20 2002
+++ nsswitch/wbinfo.c Sat May 11 18:30:06 2002
@@ -592,9 +592,9 @@
password = "";
/* Store in secrets.tdb */
-
- if (!secrets_store(SECRETS_AUTH_USER, username,
- strlen(username) + 1) ||
+ secrets_init();
+ if (!secrets_store(SECRETS_AUTH_USER, user,
+ strlen(user) + 1) ||
!secrets_store(SECRETS_AUTH_DOMAIN, domain,
strlen(domain) + 1) ||
!secrets_store(SECRETS_AUTH_PASSWORD, password,
@@ -640,6 +640,7 @@
printf("\t-m\t\t\tlist trusted domains\n");
printf("\t-r user\t\t\tget user groups\n");
printf("\t-a user%%password\tauthenticate user\n");
+ printf("\t-A user%%password\tstore user and password used by winbind
(root
only)\n");
printf("\t-p 'ping' winbindd to see if it is alive\n");
printf("\t--sequence\t\tshow sequence numbers of all domains\n");
}
@@ -683,7 +684,7 @@
{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE },
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
- { "set-auth-user", 0, POPT_ARG_STRING, &string_arg,
OPT_SET_AUTH_USER },
+ { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg,
OPT_SET_AUTH_USER },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },
{ 0, 0, 0, 0 }
};
More information about the samba-technical
mailing list