[Samba] wbinfo -a fails plaintext auth; passes challenge/response
Dale Schroeder
dale at BriannasSaladDressing.com
Fri Apr 30 11:43:42 MDT 2010
Mike,
Assuming turgon is an AD user, try "username=DACRIB+turgon" for the cifs
mount.
Dale
On 04/29/2010 7:44 PM, Mike Leone wrote:
> Any clues?
>
> I also can't mount shares, I'm guessing it's all related:
>
> $ sudo mount -t smbfs -o username=turgon,password=*******
> //workhorse/OldHome /mnt
> mount error(13): Permission denied
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>
> The "turgon" account is a Domain Admin, not to mention owner of the
> share I am trying to mount.
>
>
>> Once again, I am trying to add a machine to my Win2003 AD (that has
>> Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0.
>> I set up Kerberos, and am getting a ticket. I have successfully joined
>> the domain.
>>
>> # net ads join -U administrator
>> Enter administrator's password:
>> Using short domain name -- DACRIB
>> Joined 'DUAL-BOOTER' to realm 'DaCrib.local'
>>
>> wbinfo -u does return all users, both local and AD.
>> wbinfo -g returns all groups, both local and AD.
>> wbinfo -t succeeds.
>>
>> However, I am failing plaintext authentication, with wbinfo -a:
>>
>> wbinfo -a turgon
>> Enter turgon's password:
>> plaintext password authentication failed
>> Could not authenticate user turgon with plaintext password
>> Enter turgon's password:
>> challenge/response password authentication succeeded
>>
>> Google seems to be non-helpful, with this failure message from samba.
>>
>> Can anyone shed any light on my problem? Eventually, I want to configure
>> this machine so that I can log into the machine using only AD accounts
>> (no local logins), but I didn't want to proceed, until I had this
>> problem solved.
>>
> testparm:
>
> [global]
> workgroup = DACRIB
> realm = DACRIB.LOCAL
> server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
> security = ADS
> map to guest = Bad User
> password server = dim-win2300.DaCrib.local
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> log level = 1
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 2
> local master = No
> domain master = No
> dns proxy = No
> eventlog list = Application, System, Security, SyslogLinux
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> idmap config DACRIB:schema_mode = rfc2307
> idmap config DACRIB: default = true
> invalid users = root
> read only = No
> create mask = 0700
> directory mask = 0775
>
>
>
More information about the samba
mailing list