[Samba] auth problem: wbinfo works, smbclient doesn't

Tim sambalist at darkgate.net
Tue Apr 4 04:22:11 GMT 2006


Hi all,

I'm still having this problem.

What could possibly cause authentication to work via wbinfo, but not
via smbclient?

Any clues or pointers as to where I should be looking?  I assumed the
authentication code (the bit that talks to winbindd) would be the
same.

Many thanks in advance,

Timbo.

On 29/03/06, Tim <sambalist at darkgate.net> wrote:
> Hi guys,
>
> I have a strange problem.  I can authenticate a user with wbinfo from my domain
> controller (security =3D ads), however when I try and map a share, the
> authentication fails.   i.e.
>
> # wbinfo -a 'COAL+bcanglo%bcpass'
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> # smbclient '\\xxxxxxx\timtest' -U 'COAL\bcanglo' bcpass
> added interface ip=3D10.xxx.xxx.101 bcast=3D10.xxx.xxx.255 nmask=255.255.255.0
> Client started (version 3.0.14a based HP CIFS Server A.02.02).
> Connecting to 10.xxx.xxx.101 at port 445
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> Note:  That share definately exists.
>
> I'm running winbindd in debug mode and I can see both commands talk to winbind
> and both attempt to talk to the domain controller.   Yet wbinfo works fine, and
> smbclient fails with this:
>
> add_trusted_domain: COAL is an ADS native mode domain
> [ 2547]: request interface version
> [ 2547]: request location of privileged pipe
> [ 2547]: getpwnam coal+bcanglo
> ads: fetch sequence_number for COAL
> sys_gethostbyname: Unknown host. \\10.xx.xx.101
> ads_connect for domain COAL failed: No such file or directory
> user 'bcanglo' does not exist
> [ 2547]: getpwnam COAL+bcanglo
> user 'bcanglo' does not exist
> [ 2547]: getpwnam COAL+BCANGLO
> user 'BCANGLO' does not exist
>
> ..and smbd debug says:
>
>   check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo] FAILED
> with error NT_STATUS_NO_SUCH_USER
>
> ....which makes no sense, because the user DEFINATELY exists, and the
> winbindd/krb/ldap stuff is DEFINATELY set up and working:
>
> # wbinfo -n 'COAL+bcanglo'
> S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
> # wbinfo -n 'COAL+BCANGLO'
> S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
>
> Now, interestingly if I use smbclient and intentionally get the password wrong,
> smbd says this:
>
> check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo] FAILED with
> error NT_STATUS_WRONG_PASSWORD
>
> Busted!  So I know its talking to the domain controller, and I know that it
> knows the user exists.
>
> Note:  The COAL domain is a trusted domain:
>
> # wbinfo -m
> XXXXXX
> BUILTIN
> COAL
>
> I'm running the latest HP-UX packages and recommended libraries, so
> this version of Samba is:
>
> # smbd -V
> Version 3.0.14a based HP CIFS Server A.02.02
>
> So why can I test out a username/password with wbinfo, but get "User does not
> exist" when I try and map a share with smbclient?
>
> If you need more verbose debug output from smbd or winbindd, I'll be happy to
> put some in.
>
> Thanks,
>
> Tim.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


More information about the samba mailing list