[Samba] Half of visible AD user accounts have no info using wbinfo
-i, logins fail
Rob Carlson
rob at vees.net
Thu Oct 11 15:36:42 GMT 2007
I have a Debian server linked to Active Directory for authentication
using winbindd. About a month after installation one of the users
reported not being able to access a share on this machine. The same
user is able to use AD credentials to access all shares on a practically
identical second server. I couldn't swear that all config files are
identical down to the line, but it is also using winbindd and Samba for
file share access and was set up the same day as the non-working one.
Other users on the same machine are not having access issues.
>From that server I run the following command:
# for user in `wbinfo -u`; do wbinfo -i $user; done
I get a list of the 70-some usernames, about half of which are:
Could not get info for user NETWORKPUB\user1
and half of which come up with the correct info line of:
DOMAIN\user2:*:515:500:User Two:/home/DOMAIN/user2:/bin/false
On the working machine, this command returns all correct info lines.
I can't see any particular pattern to which usernames fail, but a number
of them _may_ be recently added users. A test user that I added this
morning is one of the failures.
The Samba logs when the authentication fails look like this:
[2007/10/11 09:19:51, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows Server 2003 R2 3790 Service Pack 1] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2007/10/11 09:19:51, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
Got user=[user1] domain=[DOMAIN] workstation=[WS01] len1=24 len2=24
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[user1]@[WS01] with the new password interface
[2007/10/11 09:19:51, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [DOMAIN]\[user1]@[WS01]
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/10/11 09:19:51, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/10/11 09:19:58, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [user1] -> [user1] FAILED
with error NT_STATUS_NO_SUCH_USER
[2007/10/11 09:19:58, 3] smbd/error.c:error_packet(146)
I have restarted winbindd, samba, refreshed my Kerberos tickets, and
rebooted the machine (in various combinations) to no avail.
Any advice would be greatly appreciated.
--
Rob Carlson rob at vees.net http://vees.net/
More information about the samba
mailing list