[Samba] Re: wbinfo -a not working

Ryan Novosielski novosirj at umdnj.edu
Thu Mar 6 16:07:39 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've had similar problems as well, though I was using Solaris 10u3. I
never have had the time to dedicate to getting it working. On Solaris,
getting the PAM/nsswitch stuff correct enough was my biggest problem
(since on Solaris, PAM is a little different than Linux). One day.

=R

Whit Blauvelt wrote:
> Similar problem here, running Ubuntu Workstation 7.10 (so, also Debian). But
> it looks like I'm failing a stop beyond you.
> 
> Works
>   kinit
>   wbinfo -u
>   wbinfo -g 
>   wbinfo -t
> 
> Fails - but note last line is a different result:
>   wbinfo -a whit%<pass>
> 
>   plaintext password authentication failed
>   error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>   error messsage was: No such user
>   Could not authenticate user whit%<passwith plaintext password
>   challenge/response password authentication succeeded
> 
> However, despite the "succeeded" message there, from another box I see:
> 
>   # smbclient //no3/ftp  -Uwhit%<pass                                                                                                      
>   Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a]
>   tree connect failed: NT_STATUS_ACCESS_DENIED
> 
> And from samba:
> 
> [2008/02/16 15:05:30, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [whit] -[whit] -[whit] succeeded
> [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(914)
>   create_local_nt_token: Failed to create BUILTIN\Administrators group!
> [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
> [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(941)
>   create_local_nt_token: Failed to create BUILTIN\Users group!
> [2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
>   Allowed connection from  (192.168.1.250)
> [2008/02/16 15:05:30, 2] lib/access.c:check_access(323)
>   Allowed connection from  (192.168.1.250)
> [2008/02/16 15:05:30, 2] smbd/service.c:make_connection_snum(616)
>   user 'whit' (from session setup) not permitted to access this share (FTP)
> 
> Despite that in smb.conf there is:
> 
> [global]
>   winbind separator = \
>   ...
> [FTP]
>   valid users = ABC\whit
>   ...
> 
> In looking around for docs, nothing is complete, nothing is well
> cross-referenced with the rest, but this seems among the best:
> http://wiki.samba.org/index.php/Samba_&_Active_Directory
> 
> I've found some old posts to this list about the BUILTIN stuff I ran into
> above, but just the problem reports, no description of the solution - or
> even if the errors there have anything to do with the subsequent failure to
> recognize that, yes samba, user 'whit' has explicit permission in smb.conf.
> It also fails with "winbind use default domain" which reportedly should mean
> no need to specify as "ABC\whit" but just "whit" should do. 
> 
> I've tried both krb5 and heimdal, with identical results. Curiously I was
> able to get it working just if my nsswitch.conf listed _only_ winbind for
> passwd: and group: entries - although of course without "compat" or "files"
> on that line local system users time out and the system becomes unusable
> after a short. The remote login then went fine though, using AD. WTF?
> 
> Whit
>  
> On Sat, Feb 16, 2008 at 05:00:07PM +0100, Rutger Beyen wrote:
>>  
>> I'm trying to connect my Debian 4 samba box to my Windows 2003Server Active
>> Directory.
>> I successfully joined the domain, with net ads join. Wireshark captures a
>> lot of packets going over the wire, and I get the message "joined the domain
>> successfully". In my AD, under 'computers', the samba box appeared. So that
>> all works.
>> Asking a kerberos ticket for a user with kinit is also successful. So
>> kerberos is working fine.
>>  
>> Wbinfo -u gives me all the users I have in my AD, and wbinfo -g does the
>> same with all the groups. wbinfo -t also working fine.
>> But when I try wbinfo -a rutger%rutger, I get 
>>  
>>         plaintext password authentication failed
>>     error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>>     error messsage was: No such user
>>     Could not authenticate user rutger%rutger with plaintext password
>>     challenge/response password authentication failed
>>     error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>>     error messsage was: No such user
>>     Could not authenticate user rutger with challenge/response
>>  
>> Same result with wbinfo -K. It says the user does not exist, but it is there
>> when I do a wbinfo -u.


- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0BbLmb+gadEcsb4RAnySAKC0ay2yZz4vIpIrgEv6mXW7WRUTTACdGKAK
okZoh2YoI+/W4NqMl3N1O08=
=BEXM
-----END PGP SIGNATURE-----


More information about the samba mailing list