[Samba] Winbind - Why won't you authenticate???
Thomas, Daniel J.
Daniel.Thomas at jhuapl.edu
Tue Feb 12 14:09:03 GMT 2002
Below is the beginning of the output which I just pasted into this e-mail.
You'll find the error on the bottom. Also at the bottom is a copy of the
smb.conf file. It this all correct?
Thanks,
-Dan
adams{root}5: ./wbinfo
Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm | -aA user%pas
-u lists all domain users
-g lists all domain groups
-h name converts NetBIOS hostname to IP
-i ip converts IP address to NetBIOS name
-n name converts name to sid
-s sid converts sid to name
-U uid converts uid to sid
-G gid converts gid to sid
-S sid converts sid to uid
-Y sid converts sid to gid
-t check shared secret
-m list trusted domains
-r user get user groups
-a user%password authenticate user
-A user%password store session setup auth password
adams{root}6: ./wbinfo -u
adams{root}11: ./wbinfo
Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm | -aA user%pas
-u lists all domain users
-g lists all domain groups
-h name converts NetBIOS hostname to IP
-i ip converts IP address to NetBIOS name
-n name converts name to sid
-s sid converts sid to name
-U uid converts uid to sid
-G gid converts gid to sid
-S sid converts sid to uid
-Y sid converts sid to gid
-t check shared secret
-m list trusted domains
-r user get user groups
-a user%password authenticate user
-A user%password store session setup auth password
adams{root}12: ./wbinfo -u
JWAD\Administrator
JWAD\dantest
JWAD\Guest
JWAD\guestuser
JWAD\Nelsojb1
JWAD\repladmin
JWAD\shaffjl1
JWAD\SMS&_JWAD-DC1
JWAD\SMSCliToknAcct&
JWAD\SQLAgentCmdExec
JWAD\SQLExecutiveCmdExec
JWAD\SQLServerService
JWAD\vashodp1
JWAD\Volga
JWAD\WestRL1
adams{root}13: ./wbinfo -g
JWAD\Domain Admins
JWAD\Domain Guests
JWAD\Domain Users
JWAD\MTS Trusted Impersonators
JWAD\SMSInternalCliGrp
adams{root}14: ./wbinfo -m
JHUAPL
adams{root}15: ./wbinfo -a JWAD+dantest%password
plaintext password authentication failed
Could not authenticate user JWAD+dantest%password with plaintext password
challenge/response password authentication failed
Could not authenticate user JWAD+dantest%password with challenge/response
SMB Conf file:
# Samba config file created using SWAT
# from thomaDJ1.jhuapl.edu (128.244.11.37)
# Date: 2002/02/12 16:11:14
# Global parameters
[global]
workgroup = JWAD
netbios name = ADAMS
server string = adams samba
security = DOMAIN
encrypt passwords = Yes
null passwords = Yes
password server = *
log file = /usr/local/samba/var/log.%m
max log size = 50
large readwrite = Yes
load printers = No
os level = 0
preferred master = False
local master = No
domain master = False
dns proxy = No
valid chars = - _
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /apps/users/%U
winbind separator = +
hosts allow = 128.244.11.
strict locking = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[temp]
path = /apps/temp
write list = jhuapl+wieprkm1 jhuapl+thomadj1 jwad+administrator
jwad+dantest
-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
Sent: Tuesday, February 12, 2002 3:32 PM
To: 'Thomas, Daniel J.'; Samba (E-mail)
Subject: RE: [Samba] Winbind - Why won't you authenticate???
Hi Daniel,
that should work - but I notice that you are using "\" for the winbindd
separator - some unix'es will swallow this character as an 'escape'
character; for instance on HPUX you can see:
# ./wbinfo -a atl-wtec\atlwtec1%atlwtec1
Could not authenticate user atl-wtecatlwtec1%atlwtec1 with plaintext
password
Could not authenticate user atl-wtecatlwtec1%atlwtec1 with
challenge/response
NOTE in the above that the response does NOT display the "\" inbetween the
domain
and the username.
Is this happening to you?
Don
-----Original Message-----
From: Thomas, Daniel J. [mailto:Daniel.Thomas at jhuapl.edu]
Sent: Tuesday, February 12, 2002 3:09 PM
To: Samba (E-mail)
Subject: [Samba] Winbind - Why won't you authenticate???
Well, I managed to get Samba 2.2.3 up and running on our Solaris 8 machine.
I installed with the winbind option and everything went though just find.
I was able to join the NT domain and now I can do a wbinfo -u "and get a
domain user list as well as a "wbinfo -g and get a group list. For some
reason though, the authentication isn't working.
I tried to "wbinfo -a" and used a number of possible names. The samba
server is on an NT domain called "jwad" and it has a trust relationship with
"jhuapl". My user account is on jhuapl, and I want to get authenticated.
When I try the wbinfo -a jhuapl\thomadj1%PASSWORD it returns fail signals on
both clear text and challange/reponse methods. From what I see though, it
doesn't even appear to be trying to talk to the domain controller, because
the Reponses are given way to quick for any real network activity to have
taken place.
Please lend some advice if you have any. I can probably get sample output
if needed.
-Dan
Daniel J. Thomas
Systems Administrator
Johns Hopkins University
Applied Physics Laboratory
Laurel, MD
Balt: (443) 778-7924
Wash: (240) 228-7924
"Always avoid a bad file copy...
You can never know when your replication proceeds you."
-Anonymous Author
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list