[Samba] strange: wbinfo -a works, but smbclient doesn't?

Tim sambalist at darkgate.net
Tue Mar 28 04:19:45 GMT 2006 

Hi guys,

I have a strange problem.  I can authenticate a user with wbinfo from
my domain controller (security = ads), however when I try and map a
share, the authentication fails.   i.e.

# wbinfo -a 'COAL+bcanglo%bcpass'
plaintext password authentication succeeded
challenge/response password authentication succeeded

# smbclient '\\xxxxxxx\timtest' -U 'COAL\bcanglo' bcpass
added interface ip=10.xxx.xxx.101 bcast=10.xxx.xxx.255 nmask=255.255.255.0
Client started (version 3.0.14a based HP CIFS Server A.02.02).
Connecting to 10.xxx.xxx.101 at port 445
session setup failed: NT_STATUS_LOGON_FAILURE

Note:  That share definately exists.

I'm running winbindd in debug mode and I can see both commands talk to
winbind and both attempt to talk to the domain controller.   Yet
wbinfo works fine, and smbclient fails with this:

add_trusted_domain: COAL is an ADS native mode domain
[ 2547]: request interface version
[ 2547]: request location of privileged pipe
[ 2547]: getpwnam coal+bcanglo
ads: fetch sequence_number for COAL
sys_gethostbyname: Unknown host. \\10.xx.xx.101
ads_connect for domain COAL failed: No such file or directory
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+bcanglo
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+BCANGLO
user 'BCANGLO' does not exist

..and smbd debug says:

  check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo]
FAILED with error NT_STATUS_NO_SUCH_USER

....which makes no sense, because the user DEFINATELY exists, and the
winbindd/krb/ldap stuff is DEFINATELY set up and working:

# wbinfo -n 'COAL+bcanglo'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
# wbinfo -n 'COAL+BCANGLO'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)

Now, interestingly if I use smbclient and intentionally get the
password wrong, smbd says this:

check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo]
FAILED with error NT_STATUS_WRONG_PASSWORD

Busted!  So I know its talking to the domain controller, and I know
that it knows the user exists.

Note:  The COAL domain is a trusted domain:

# wbinfo -m
XXXXXX
BUILTIN
COAL

I'm running the latest HP-UX packages and recommended libraries, so
this version of Samba is:

# smbd -V
Version 3.0.14a based HP CIFS Server A.02.02

So why can I test out a username/password with wbinfo, but get "User
does not exist" when I try and map a share with smbclient?

If you need more verbose debug output from smbd or winbindd, I'll be
happy to put some in.

Thanks,

Tim.

More information about the samba mailing list