[Samba] Samba / AD / Winbind issues

Kevin M. Barrett kmb at kmb.com
Mon May 9 03:37:43 GMT 2005 

Just one more update to my issue ... AS it is RESOLVED ..

I found one small mention in the google groups archive for this list... 
that said something about adding

 > client schannel = no

to the smb.conf as it looked like the schannels were stepping on each other 
in the Win2003 AD world ... and Low and Behold it now works... Thanks to 
those who tried to help with my issue .... It has truly been a learning 
experence ..

Kevin




At 11:05 PM 5/8/2005, Kevin M. Barrett wrote:
>At 10:18 AM 5/8/2005, Kevin M. Barrett wrote:
>>Some addtional info with regards to my Winbind issue...
>>
>>I have started the Winbind process interactively with a debug level of 9
>>
>>here is the results of two smbclient -L //gs005/ -Utuser2 commands The 
>>first is with the password set to the wrong value and it shows that 
>>samba/winbind knows that it is wrong ( that is a good thing )
>>
>>+++++ LOG DATA ++++++
>
>Some more info as I keep trying things ...
>
>If I issue the command wininfo -atuser2%password  It succeeds, but the 
>same user with Smbclient fails as it did in my last email ...
>
>[root at gs005 etc]# wbinfo -atuser2%password
>plaintext password authentication succeeded
>challenge/response password authentication succeeded
>
>and the log from -d3 on the winbind process
>
>
>[ 3973]: request interface version
>[ 3973]: request location of privileged pipe
>[ 3973]: pam auth tuser2
>[ 3973]: request misc info
>[ 3973]: request domain name
>[ 3973]: pam auth crap domain: D1 user: tuser2
>
>But the smbclient  -L localhost -Utuser2%password results in this in the 
>winbind log
>
>Doing kerberos session setup
>Ticket in ccache[MEMORY:cliconnect] expiration Mon, 09 May 2005 09:01:42 GMT
>user 'tuser2' does not exist
>[ 4061]: getpwnam D1+tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam D1+TUSER2
>user 'TUSER2' does not exist
>[ 4061]: getpwnam tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam TUSER2
>user 'TUSER2' does not exist
>[ 4061]: create_user: user=>(tuser2), group=>()
>winbindd_create_user: Cannot validate gid for group (Domain Users)
>[ 4061]: getpwnam tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam TUSER2
>user 'TUSER2' does not exist
>[ 4061]: create_user: user=>(tuser2), group=>()
>winbindd_create_user: Cannot validate gid for group (Domain Users)
>[ 4061]: getpwnam d1+tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam D1+tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam D1+TUSER2
>user 'TUSER2' does not exist
>[ 4061]: getpwnam tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam TUSER2
>user 'TUSER2' does not exist
>[ 4061]: create_user: user=>(tuser2), group=>()
>winbindd_create_user: Cannot validate gid for group (Domain Users)
>[ 4061]: getpwnam tuser2
>user 'tuser2' does not exist
>[ 4061]: getpwnam TUSER2
>user 'TUSER2' does not exist
>
>
>
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>


Kevin M. Barrett

KMB IT Consulting, Inc
508-450-7717

More information about the samba mailing list