[Samba] Bad password when attempting login to SSH with AD account

Trimble, Ronald D Ronald.Trimble at unisys.com
Wed Apr 12 19:44:03 GMT 2006


Everyone,

            I have several servers set up, all running the same levels
of samba and winbind.  I am able to see the domain and authenticate
users without any trouble.  I am attempting to get integrated logins to
work with SSH.  I have it working on one server, but two others (with
the exact same config) do not work.  

 

            On the box the works, I get the following message in
/var/log/messages when I log in with my domain account.

Apr 12 15:28:21 ustr-MINT-A-5 sshd[8643]: Accepted
keyboard-interactive/pam for root from 192.63.xxx.xxx port 4102 ssh2

Apr 12 15:28:49 ustr-MINT-A-5 pam_winbind[8668]: user 'NA\trimblrd'
granted access

Apr 12 15:28:49 ustr-MINT-A-5 pam_winbind[8668]: user 'NA\trimblrd'
granted access

Apr 12 15:28:49 ustr-MINT-A-5 sshd[8666]: Accepted
keyboard-interactive/pam for NA\\trimblrd from 192.63.xxx.xxx port 4104
ssh2

 

            Using the same ID, I get the following messages on the two
servers that don't work.

Apr 12 15:26:27 ustr-MINT-A-2 sshd[9329]: Invalid user NA\\trimblrd from
192.63.xxx.xxx

Apr 12 15:26:29 ustr-MINT-A-2 pam_winbind[9331]: request failed: Wrong
Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD

Apr 12 15:26:29 ustr-MINT-A-2 pam_winbind[9331]: user `NA\trimblrd'
denied access (incorrect password)

Apr 12 15:26:29 ustr-MINT-A-2 sshd[9329]: error: PAM: User not known to
the underlying authentication module for illegal user NA\\trimblrd from
ustr-trimblrd.na.uis.unisys.com

Apr 12 15:26:29 ustr-MINT-A-2 sshd[9329]: Failed
keyboard-interactive/pam for invalid user NA\\trimblrd from
192.63.xxx.xxx port 4096 ssh2

 

            Of course you first thought will be that I am entering the
wrong password, but I have ruled that out by repeating this process
dozens of times with multiple accounts.  The strange thing is that AD
thinks I really am sending an incorrect password as an my account shows
an invalid password attempt in AD.  Has anyone seen this problem?  Do
you know what I may be missing?

 

Thanks in advance,

Ron

 



More information about the samba mailing list