[Samba] Re: wbinfo -a not working
Ryan Novosielski
novosirj at umdnj.edu
Thu Mar 6 16:07:39 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've had similar problems as well, though I was using Solaris 10u3. I
never have had the time to dedicate to getting it working. On Solaris,
getting the PAM/nsswitch stuff correct enough was my biggest problem
(since on Solaris, PAM is a little different than Linux). One day.
=R
Whit Blauvelt wrote:
> Similar problem here, running Ubuntu Workstation 7.10 (so, also Debian). But
> it looks like I'm failing a stop beyond you.
>
> Works
> kinit
> wbinfo -u
> wbinfo -g
> wbinfo -t
>
> Fails - but note last line is a different result:
> wbinfo -a whit%<pass>
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user whit%<passwith plaintext password
> challenge/response password authentication succeeded
>
> However, despite the "succeeded" message there, from another box I see:
>
> # smbclient //no3/ftp -Uwhit%<pass
> Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a]
> tree connect failed: NT_STATUS_ACCESS_DENIED
>
> And from samba:
>
> [2008/02/16 15:05:30, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [whit] -[whit] -[whit] succeeded
> [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_administrators(792)
> create_builtin_administrators: Failed to create Administrators
> [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(914)
> create_local_nt_token: Failed to create BUILTIN\Administrators group!
> [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_users(758)
> create_builtin_users: Failed to create Users
> [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(941)
> create_local_nt_token: Failed to create BUILTIN\Users group!
> [2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.1.250)
> [2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.1.250)
> [2008/02/16 15:05:30, 2] smbd/service.c:make_connection_snum(616)
> user 'whit' (from session setup) not permitted to access this share (FTP)
>
> Despite that in smb.conf there is:
>
> [global]
> winbind separator = \
> ...
> [FTP]
> valid users = ABC\whit
> ...
>
> In looking around for docs, nothing is complete, nothing is well
> cross-referenced with the rest, but this seems among the best:
> http://wiki.samba.org/index.php/Samba_&_Active_Directory
>
> I've found some old posts to this list about the BUILTIN stuff I ran into
> above, but just the problem reports, no description of the solution - or
> even if the errors there have anything to do with the subsequent failure to
> recognize that, yes samba, user 'whit' has explicit permission in smb.conf.
> It also fails with "winbind use default domain" which reportedly should mean
> no need to specify as "ABC\whit" but just "whit" should do.
>
> I've tried both krb5 and heimdal, with identical results. Curiously I was
> able to get it working just if my nsswitch.conf listed _only_ winbind for
> passwd: and group: entries - although of course without "compat" or "files"
> on that line local system users time out and the system becomes unusable
> after a short. The remote login then went fine though, using AD. WTF?
>
> Whit
>
> On Sat, Feb 16, 2008 at 05:00:07PM +0100, Rutger Beyen wrote:
>>
>> I'm trying to connect my Debian 4 samba box to my Windows 2003Server Active
>> Directory.
>> I successfully joined the domain, with net ads join. Wireshark captures a
>> lot of packets going over the wire, and I get the message "joined the domain
>> successfully". In my AD, under 'computers', the samba box appeared. So that
>> all works.
>> Asking a kerberos ticket for a user with kinit is also successful. So
>> kerberos is working fine.
>>
>> Wbinfo -u gives me all the users I have in my AD, and wbinfo -g does the
>> same with all the groups. wbinfo -t also working fine.
>> But when I try wbinfo -a rutger%rutger, I get
>>
>> plaintext password authentication failed
>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>> error messsage was: No such user
>> Could not authenticate user rutger%rutger with plaintext password
>> challenge/response password authentication failed
>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>> error messsage was: No such user
>> Could not authenticate user rutger with challenge/response
>>
>> Same result with wbinfo -K. It says the user does not exist, but it is there
>> when I do a wbinfo -u.
- --
---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH0BbLmb+gadEcsb4RAnySAKC0ay2yZz4vIpIrgEv6mXW7WRUTTACdGKAK
okZoh2YoI+/W4NqMl3N1O08=
=BEXM
-----END PGP SIGNATURE-----
More information about the samba
mailing list