[Samba] Cannot Authenticate against AD ...
Ernie Cline
ecline at lightspeedresearch.com
Wed Jun 18 18:20:27 GMT 2003
Hey all,
I have a Windows 2000 AD PDC that hosts a domain. He also trusts our
existing Windows NT domain (2-way trust, they both trust each other). I
also have a Gentoo Linux machine that I have compiled Samba 3.0 on. I
can get almost everything to work with regards to talking to the Windows
2k PDC, like this:
mccoy samba # wbinfo -u
LIGHTSPEED+Administrator
LIGHTSPEED+Guest
LIGHTSPEED+TsInternetUser
LIGHTSPEED+IUSR_KINGATRHYME
LIGHTSPEED+IWAM_KINGATRHYME
LIGHTSPEED+krbtgt
LIGHTSPEED+RI-ONLINE$
LIGHTSPEED+ecline
LIGHTSPEED+jlally
But whenever I try anything regarding authentication, it fails:
mccoy samba # wbinfo -a ecline%blahblah
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline%blahblah with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline with challenge/response
Also, I have tried to get the pam setup to work, without much success.
See here:
Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon
servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval
= 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval
= 4, user = `jlally'
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from
172.22.4.97 port 54689 ssh2
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from
172.22.4.97 port 54689 ssh2
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown
So I am not sure where to go from here. I can provide some verbose
log.winbind files, or tcpdump if necessary. What I am ultimately
trying to accomplish is allowing people who have 2000 accounts in AD
access to my Linux machines. We have a lot of web tools that rely on
having a valid account on the unix machine, and this would make my life
a lot easier. Interestingly enough, just using su - <domain user> works
just fine, as long as I first set them up with a home directory:
mccoy samba # su - jlally
LIGHTSPEED+jlally at mccoy jlally $ id
uid=10007(LIGHTSPEED+jlally) gid=10000(LIGHTSPEED+Domain Users)
groups=10000(LIGHTSPEED+Domain
Users),10001,10002,10003(LIGHTSPEED+Domain Admins)
LIGHTSPEED+jlally at mccoy jlally $
If you need any further information, please let me know ...
-e