[Samba] wbinfo works, getent and check via smbclient not

Karsten Römke k.roemke at gmx.de
Wed Mar 3 07:20:23 MST 2010


Hello,
I have a problem with authentication against ADS.

History:
- Samba works as a stand-alone server (not in production)
- some experiments with a connection to an LDAP server running on another
  machine.
- Trying to join Active Directory; since I had no success, I uninstalled
  Samba completely and reinstalled it.

Versions:

         OpenSuse 11.1 (up to date apart from the kernel)
         Samba samba-3.2.7-11.4.1
         winbind: samba-winbind-3.2.7-11.4.1
         Windows 2003 Server with ADS

I followed the article at
http://www.pro-linux.de/NB3/artikel/2/1110/3,next.html
(sorry, it's in German) and looked at the official Samba HOWTO.


I have done the following tests:

not sure: kinit, I set up /etc/krb5.conf

(roemke is a local user and a user of ADS with
admin rights)

net ads join -S hhbnt12.hhb.bonn.de -Uroemke%xyz
seems to work, Server says that I have joined the
Domain but DNS update failed.

test:
www:/etc/samba # net ads testjoin
Join is OK

test:
wbinfo -u
-> shows all usernames on active directory but no machines
  as mentioned in the samba wiki

www:/etc/samba # wbinfo -a roemkea%xyz
plaintext password authentication succeeded
challenge/response password authentication succeeded
roemkea is a non local user, only available in the ads

getent passwd
shows only local users :-(

I checked nsswitch.conf and created symbolic links
/lib/libnss_winbind ...


I think at that point I could stop, but I tested via smbclient:

(roemkea is ADS User)
smbclient //www/documentsWrite -Uroemkea
->  NT_STATUS_ACCESS_DENIED
Log-File:
[2010/03/03 14:34:25,  3] auth/auth.c:check_ntlm_password(220)
  check_ntlm_password:  Checking password for unmapped user
 [NT_TECHNOLOGIE]\[roemkea]@[WWW] with the new password interface
[2010/03/03 14:34:25,  3] auth/auth.c:check_ntlm_password(223)
  check_ntlm_password:  mapped user is: [NT_TECHNOLOGIE]\[roemkea]@[WWW]
[2010/03/03 14:34:25,  2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password:  Authentication for user [roemkea] -> [roemkea]
 FAILED with error NT_STATUS_NO_SUCH_USER

with localuser roemke:
NT_STATUS_ACCESS_DENIED
but  in the Log-File
[2010/03/03 14:35:33,  3] auth/auth.c:check_ntlm_password(220)
  check_ntlm_password:  Checking password for unmapped user
 [NT_TECHNOLOGIE]\[roemke]@[WWW] with the new password interface
[2010/03/03 14:35:33,  3] auth/auth.c:check_ntlm_password(223)
  check_ntlm_password:  mapped user is: [NT_TECHNOLOGIE]\[roemke]@[WWW]
[2010/03/03 14:35:33,  3] auth/auth.c:check_ntlm_password(269)
  check_ntlm_password: winbind authentication for user [roemke] succeeded
[2010/03/03 14:35:33,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [roemke] -> [roemke] ->
 [roemke] succeeded

I found no hint.
It seems that for a local user winbind asks the ADS and gets back that
the authentication is OK, but I don't get access.
For a non-local user I get the information that there is no such user.

I don't understand what happens.

Any help would be nice

      Karsten
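
The two log excerpts in the message differ only in the final verdict that check_ntlm_password writes at log level 2. The following added example (not part of the original post) re-joins the wrapped log records and extracts that verdict per user. The SAMPLE text is copied from the post, and the field name `unix_user` is an assumption that the last bracketed name in the success line is the Unix account Samba resolved.

```python
import re

# Log excerpt copied from the post above (wrapped continuation lines kept as-is).
SAMPLE = """\
[2010/03/03 14:34:25,  2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password:  Authentication for user [roemkea] -> [roemkea]
 FAILED with error NT_STATUS_NO_SUCH_USER
[2010/03/03 14:35:33,  3] auth/auth.c:check_ntlm_password(269)
  check_ntlm_password: winbind authentication for user [roemke] succeeded
[2010/03/03 14:35:33,  2] auth/auth.c:check_ntlm_password(308)
  check_ntlm_password:  authentication for user [roemke] -> [roemke] ->
 [roemke] succeeded
"""

# Record header: [date time,  level] file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] \S+:(\w+)\(\d+\)")
# Final verdict messages of check_ntlm_password, in the wording shown in the post.
FAILED = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\w+)")
PASSED = re.compile(r"authentication for user \[(.*?)\] -> \[.*?\] -> \[(.*?)\] succeeded")

def records(text):
    """Yield (timestamp, level, function, message) with wrapped lines re-joined."""
    head, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if head:
                yield (*head, " ".join(body))
            head, body = (m.group(1), int(m.group(2)), m.group(3)), []
        elif head and line.strip():
            body.append(" ".join(line.split()))  # collapse the double spaces
    if head:
        yield (*head, " ".join(body))

def auth_outcomes(text):
    """Return one dict per final authentication verdict found in the log."""
    found = []
    for ts, _level, func, msg in records(text):
        if func != "check_ntlm_password":
            continue
        if m := FAILED.search(msg):
            found.append({"time": ts, "user": m.group(1), "unix_user": None, "status": m.group(2)})
        elif m := PASSED.search(msg):
            found.append({"time": ts, "user": m.group(1), "unix_user": m.group(2), "status": "OK"})
    return found

if __name__ == "__main__":
    for outcome in auth_outcomes(SAMPLE):
        print(outcome)
```

The intermediate level 3 line ("winbind authentication ... succeeded") is deliberately not counted as a verdict, since only the level 2 line records the final result of the attempt.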