[Samba] winbind: challenge/response password authentication failed

Gawain Lavers glavers at bigstorage.com
Wed Jul 24 15:18:02 GMT 2002

I'm using Redhat's 2.2.3a-6 standard install of Samba.  I seem to have almost
everything worked out (after much back and forth and fussing), but I can't log
in using my domain users.  Just using su or login fails, but using "wbinfo -a
<domain>+<userid>%<passwd>" I get this suggestive error:

 plaintext password authentication succeeded
 challenge/response password authentication failed
 Could not authenticate user VENUS0+tassadar%torque with challenge/response

I'm not getting much out of my logs, although I could probably improve their
output.  I presumed that "encrypt passwords = yes" would have covered the above
issue, but I guess it doesn't.  I've had difficulty finding anybody on this list
who's had this particular problem (plaintext works, challenge/response doesn't)
-- although reviewing a few of the archived months manually suggests that Google
doesn't catalogue all of the postings.

Any suggestions (particularly on setting a good logging level for winbind)
greatly appreciated.

Relevant /etc/nsswitch.conf lines:

passwd:     files winbind nisplus
shadow:     files winbind nisplus
group:      files winbind nisplus
hosts:      files wins nisplus dns

Relevant /etc/samba/smb.conf lines:

   # winbind options
   # separate domain and username with '+', like DOMAIN+username
   winbind separator = +
   # use uids from 10000 to 20000 for domain users
   winbind uid = 10000-20000
   # use gids from 10000 to 20000 for domain groups
   winbind gid = 10000-20000
   # allow enumeration of winbind users and groups
   winbind enum users = yes
   winbind enum groups = yes
   # give winbind users a real shell (only needed if they have telnet access)
   template homedir = /home/%D/%U
   template shell = /bin/bash
   encrypt passwords = yes

   workgroup = VENUS0

   server string = Samba Server
   hosts allow = 127. 10.

   log file = /var/log/samba/%m.log
   max log size = 10000

   security = domain

   password server = *

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

   pam password change = yes

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   wins server =

   dns proxy = no
