[Samba] winbind: challenge/response password authentication failed
Gawain Lavers
glavers at bigstorage.com
Wed Jul 24 15:18:02 GMT 2002
I'm using Redhat's 2.2.3a-6 standard install of Samba. I seem to have almost
everything worked out (after much back and forth and fussing), but I can't log
in using my domain users. Just using su or login fails, but using "wbinfo -a
<domain>+<userid>%<passwd>" I get this suggestive error:
plaintext password authentication succeeded
challenge/response password authentication failed
Could not authenticate user VENUS0+tassadar%torque with challenge/response
I'm not getting much out of my logs, although I could probably improve their
output. I presumed that "encrypt passwords = yes" would have covered the above
issue, but I guess it doesn't. I've had difficulty finding anybody on this list
who's had this particular problem (plaintext works, challenge/response doesn't)
-- although reviewing a few of the archived months manually suggests that Google
doesn't catalogue all of the postings.
Any suggestions (particularly on setting a good logging level for winbind)
greatly appreciated.
Relevant /etc/nsswitch.conf lines:
passwd: files winbind nisplus
shadow: files winbind nisplus
group: files winbind nisplus
hosts: files wins nisplus dns
Relevant /etc/samba/smb.conf lines:
[global]
#winbind options
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /home/%D/%U
template shell = /bin/bash
encrypt passwords = yes
workgroup = VENUS0
server string = Samba Server
hosts allow = 127. 10.
log file = /var/log/samba/%m.log
max log size = 10000
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
pam password change = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 10.10.10.46
dns proxy = no
More information about the samba
mailing list