[Samba] weird winbind problem

Paolo Negri p_negri at modiano.com
Wed Mar 22 11:04:37 GMT 2006 

I'm setting up a samba server that should authenticate against a samba
3.0 +Ldap PDC server.
This is the situation

1) getenet passwd and getent group are ok
2) wbinfo -t -> checking the trust secret via RPC calls succeeded
3) wbinfo -g -> lists all the groups on PDC (nice!)
4) wbinfo -u -> lists all the users on PDC (nice again!)

the problem is wbinfo -a

test 1: a non existing user
---------------------------

wbinfo -a fakeuser%fakepwd

error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user fakeuser%fakepwd with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user fakeuser with challenge/response

so this is ok

test 2: existing user with wrong password
-----------------------------------------

wbinfo -a realuser%fakepwd

plaintext password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user realuser%fakepwd with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user realuser with challenge/response

If I do this test multiple times the account gets correctly locked

this is ok

test 3: existing user with real password
----------------------------------------

wbinfo -a realuser%realpwd

plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user realuser%realpwd with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user realuser with challenge/response

What's wrong?

I'm using OpenSuSE 10.0

samba-3.0.21c-9.1.8
samba-client-3.0.21c-9.1.8
samba-winbind-3.0.21c-9.1.8

my smb.conf

[global]
         workgroup = MYDOMAIN
         netbios name = MYSERVER
         wins server = MY.PDC.IP.NUMBER
         winbind separator = +
         map to guest = Bad User
         include = /etc/samba/dhcp.conf
         winbind use default domain = yes
         auth methods = guest winbind
         log level = 3 passdb:5 auth:10 winbind:5
         security = domain

Thanks

Paolo

More information about the samba mailing list