Pam-logon failure for AD users

VigneshDhanraj G vigneshdhanraj.g at gmail.com
Tue Nov 3 12:25:47 UTC 2015


Hi Team,

when i am running this command i am getting the following error
/usr/local/samba/bin/wbinfo --pam-logon="DOMAIN\testusr1"

Enter DOMAIN\testusr1's password:
plaintext password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error message was: Access denied
pam_logon failed for DOMAIN\testusr1

FTP and Cifs uses pam. Ftp authentication using domain working fine. But,
Cifs showing ACCESS_DENIED error.

Samba version : 4.1.17

In winbindd.log i could see
[2015/11/03 11:59:46.377088, 10, pid=435, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done)
  wb_request_done[559:PAM_AUTH_CRAP]: NT_STATUS_ACCESS_DENIED

My smb.conf is

available= yes
restrict anonymous= 0
server string= LenovoEMC™ px6-300d
Workgroup= DOMAIN
netbios name= Debian
realm= DOMAIN.LOCAL
password server= 192.168.1.100, *
idmap backend= tdb
idmap uid= 5000-9999999
idmap gid= 5000-9999999
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= no
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 300
winbind offline logon= true
template shell= /bin/sh
map to guest= Bad User
host msdfs= yes
strict allocate= yes
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printable= no
load printers= yes
max smbd processes= 500
getwd cache= yes
syslog= 0
use sendfile= yes
log level= 0
max log size= 50
unix extensions= no
dos charset= ascii
state directory= /mnt/system/samba/system


Windows client from which i am trying to access cifs is also connected to
the domain.


Could anybody help me regarding this issue. Ftp and cifs both uses samba
authentication but cifs authentication alone showing authentication error.



Regards,

Vigneshdhanraj G


More information about the samba-technical mailing list