[Samba] Cannot Authenticate against AD ...

Ernie Cline ecline at lightspeedresearch.com
Wed Jun 18 18:20:27 GMT 2003


Hey all,
I have a Windows 2000 AD PDC that hosts a domain.  He also trusts our 
existing Windows NT domain (2-way trust, they both trust each other).  I 
also have a Gentoo Linux machine that I have compiled Samba 3.0 on.  I 
can get almost everything to work with regards to talking to the Windows 
2k PDC, like this:

mccoy samba # wbinfo -u
LIGHTSPEED+Administrator
LIGHTSPEED+Guest
LIGHTSPEED+TsInternetUser
LIGHTSPEED+IUSR_KINGATRHYME
LIGHTSPEED+IWAM_KINGATRHYME
LIGHTSPEED+krbtgt
LIGHTSPEED+RI-ONLINE$
LIGHTSPEED+ecline
LIGHTSPEED+jlally

But whenever I try anything regarding authentication, it fails:

mccoy samba # wbinfo -a ecline%blahblah
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline%blahblah with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline with challenge/response

Also, I have tried to get the pam setup to work, without much success. 
See here:

Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon 
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon 
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval 
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval 
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon 
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon 
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval 
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval 
= 4, user = `jlally'
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from 
172.22.4.97 port 54689 ssh2
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from 
172.22.4.97 port 54689 ssh2
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown

So I am not sure where to go from here.  I can provide some verbose 
log.winbind files, or tcpdump if necessary.   What I am ultimately 
trying to accomplish is allowing people who have 2000 accounts in AD 
access to my Linux machines.  We have a lot of web tools that rely on 
having a valid account on the unix machine, and this would make my life 
a lot easier.  Interestingly enough, just using su - <domain user> works 
just fine, as long as I first set them up with a home directory:

mccoy samba # su - jlally
LIGHTSPEED+jlally@mccoy jlally $ id
uid=10007(LIGHTSPEED+jlally) gid=10000(LIGHTSPEED+Domain Users) 
groups=10000(LIGHTSPEED+Domain 
Users),10001,10002,10003(LIGHTSPEED+Domain Admins)
LIGHTSPEED+jlally@mccoy jlally $

If you need any further information, please let me know ...

-e



