[Samba] auth problem: wbinfo works, smbclient doesn't

Tim sambalist at darkgate.net
Wed Mar 29 04:43:43 GMT 2006

Hi guys,

I have a strange problem.  I can authenticate a user with wbinfo from my domain
controller (security =3D ads), however when I try and map a share, the
authentication fails.   i.e.

# wbinfo -a 'COAL+bcanglo%bcpass'
plaintext password authentication succeeded
challenge/response password authentication succeeded

# smbclient '\\xxxxxxx\timtest' -U 'COAL\bcanglo' bcpass
added interface ip=3D10.xxx.xxx.101 bcast=3D10.xxx.xxx.255 nmask=
Client started (version 3.0.14a based HP CIFS Server A.02.02).
Connecting to 10.xxx.xxx.101 at port 445
session setup failed: NT_STATUS_LOGON_FAILURE

Note:  That share definately exists.

I'm running winbindd in debug mode and I can see both commands talk to winbind
and both attempt to talk to the domain controller.   Yet wbinfo works fine, and
smbclient fails with this:

add_trusted_domain: COAL is an ADS native mode domain
[ 2547]: request interface version
[ 2547]: request location of privileged pipe
[ 2547]: getpwnam coal+bcanglo
ads: fetch sequence_number for COAL
sys_gethostbyname: Unknown host. \\10.xx.xx.101
ads_connect for domain COAL failed: No such file or directory
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+bcanglo
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+BCANGLO
user 'BCANGLO' does not exist

..and smbd debug says:

  check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo] FAILED

....which makes no sense, because the user DEFINATELY exists, and the
winbindd/krb/ldap stuff is DEFINATELY set up and working:

# wbinfo -n 'COAL+bcanglo'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
# wbinfo -n 'COAL+BCANGLO'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)

Now, interestingly if I use smbclient and intentionally get the password wrong,
smbd says this:

check_ntlm_password:  Authentication for user [bcanglo] -> [bcanglo] FAILED with

Busted!  So I know its talking to the domain controller, and I know that it
knows the user exists.

Note:  The COAL domain is a trusted domain:

# wbinfo -m

I'm running the latest HP-UX packages and recommended libraries, so
this version of Samba is:

# smbd -V
Version 3.0.14a based HP CIFS Server A.02.02

So why can I test out a username/password with wbinfo, but get "User does not
exist" when I try and map a share with smbclient?

If you need more verbose debug output from smbd or winbindd, I'll be happy to
put some in.



More information about the samba mailing list