[Samba] Winbind error plaintext password against Windows 2000 Server AD

[Oliver Neumann [New Identity AG]]

Hi all,

I configured a linux box (Debian Sarge) with Winbind to authenticate against
a windows 2000 server AD. After joining the Domain via

  net rpc join -U Administrator

I can get all AD users and groups using

  wbinfo -u
  wbinfo -g
  getent passwd

Everything seems to be really fine, but when I try to authenticate against
the AD via

  wbinfo -a testuser%testpass

I get:

-x-x-x-
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user testuser%testpass with plaintext password
challenge/response password authentication succeeded
-x-x-x-

So authentication seems to work obviously (see bottom line), but what does
the above
messages mean? Additionally I cannot authenticate using pam_winbind.so e.g.
for SSH
Loggins, I suppose the error that causes both has the same reason.

So here are the relevant parts of my /etc/samba/smb.conf:

-x-x-
workgroup = ...
security = domain
encrypt passwords = true

winbind separator = +
idmap uid = 10000-65535
idmap gid = 10000-65535
winbind enum users = yes
winbind enum groups = yes
-x-x-

Winbind is up and running, the symlink mentioned in the Samba HOWTO
(/lib/libnss_winbind.so --> /lib/libnss_winbind.so.2) is set up correctly
and /lib/security/pam_winbind.so and /lib/libnss_winbind.so are in place.

My /etc/nsswitch.conf is:

-x-x-
passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
-x-x-

Any help is appreciated!

I'm using version 3.0.14a of winbind (latest stable package of winbind
daemon on debian sarge).

Thanks,
Oliver Neumann