[Samba] Re: Trusted domain user login

Carlos Lorenzo Matés clmates at mundo-r.com
Tue Jan 29 20:42:32 GMT 2008 

Hi.


El Martes, 29 de Enero de 2008, Thorkil Olesen escribió:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > I have logged in the samba server as root and tried this
> >
> > myserver:~ # wbinfo -a clorenzo%myrealpassword
> > plaintext password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo%myrealpassword with plaintext
> > password challenge/response password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo with challenge/response
>
> Maybe you should try:
>
> wbinfo -a NTDOMAIN\\clorenzo%myrealpassword

This was my first try and it says exactly the same.


>
> > wbinfo -u and wbinfo -g gets right the list of users and groups from the
> > NT domain
>
> That is a good sign!
>
> wbinfo is a great tool to examine how winbind sees the world. I spent some
> time on an interdomain trust to a W2k3-server, but I think my problem was
> different from yours. Have you set up nsswitch.conf? Can you see a user
> with getent?


We have the very same users groups and passwords in the NT Domain and in the 
samba Domain, our samba domain uses ldap for storage.


 
Here is our nsswitch.conf

# This works:
#passwd:        ldap compat
#group: ldap compat

# As does this:
passwd: files ldap
group:  files ldap

hosts:  files dns wins
networks:       files dns

services:       files ldap
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files ldap
publickey:      files

bootparams:     files
automount:      files nis ldap
aliases:        files ldap
passwd_compat:  ldap winbind
group_compat:   ldap winbind
shadow: compat

#passwd_compat: ldap
#group_compat: ldap
#shadow: compat

getent returns the ldap users, groups and paswwords, should getent also return 
the NT domain users when they are the same?


Thanks


-- 
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba/attachments/20080129/91d9c19c/attachment.bin

More information about the samba mailing list