[Samba] Samba 2.2.5-pre and --with-winbind is not handling passwords properly

Eric Boehm boehm at nortelnetworks.com
Wed May 29 10:54:44 GMT 2002

I am seeing some rather strange behavior with SAMBA_2_2 (update from
CVS, 05/29 12:30 EDT)

If I build with

./configure  --with-automount --with-pam --with-libsmbclient --with-acl-support


/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm
Password: <password>


/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password

works fine.

If I build with

./configure  --with-automount --with-pam --with-libsmbclient \
   --with-acl-support --with-winbind


/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password

export USER=boehm%password
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase



/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm
Password: <password>

fails with

session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.)

The log file says

[2002/05/29 13:36:28, 0, pid=8803] rpc_client/cli_netlogon.c:(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2002/05/29 13:36:28, 0, pid=8803] smbd/password.c:(1605)
  domain_client_validate: unable to validate password for user BOEHM in domain AMERICASE to Domain controller PCNTRTP01. Error was NT_STATUS_WRONG_PASSWORD.

I know I am not mistyping the password because I am using the mouse to
paste it in.
I have level 10 logs of -U user%password vs -U user when compiled with
--with-winbind but it is 6000+ lines of text. I can upload it if desired.

My smb.conf looks like
# Global parameters 
	client code page = 437 
	# Samba requests 10000 but Solaris has only 1014 to spare 
	#max open files = 1014 
	comment = "Samba %v server" 
	share modes = yes
	getwd cache = yes
	browseable = yes
	load printers = no
	local master = no
	log file = /usr/local/samba/var/log.%m
	username map = /usr/local/samba/lib/username.map
	debug pid = yes
	dead time = 30
	debug level = 1
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
	include = /usr/local/samba/lib/smb.conf.global.%h
	include = /usr/local/samba/lib/smb.conf.shares.%h

	# if security = domain, then password server = * and workgroup is the 
	# domain of the machine account resource domain
	workgroup = PCNTRTP
	security  = domain 
	password server = PCNTRTP01, ZRTPD0P0, PCNTRTP02
	# password server = *
	# if security = server, then password server = PDC, BDC ...
	# where PDC and BDC are primary and backup domain controllers of
	# the user account resource domain
	# workgroup = americase
	# security  = server
	# password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 
	wins server =
	encrypt passwords = yes 
	server string = "Test Samba server %h (%L), Samba"
	interfaces = ""
	#shared mem size = 4194304
        #netbios aliases = <alias1> <alias2>
	#winbind separator = +
	#winbind uid = 80000-90000
	#winbind gid = 80000-90000
        #winbind enum users = yes
        #winbind enum groups = yes
        #template homedir = /home/%U
        #template shell = /usr/bin/ksh

Eric M. Boehm                  /"\  ASCII Ribbon Campaign
boehm at nortelnetworks.com       \ /  No HTML or RTF in mail
                                X   No proprietary word-processing
Respect Open Standards         / \  files in mail

More information about the samba mailing list