[Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
Robert Freeman-Day
presgas at gmail.com
Fri Oct 22 06:45:19 MDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/21/2010 09:36 PM, Gaiseric Vandal wrote:
> What kind of domain - samba PDC or Windows Active Directory ? Maybe the
> samba version is just too old.
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Steven Moyse
> Sent: Thursday, October 21, 2010 8:52 PM
> To: samba at lists.samba.org
> Subject: [Samba] Winbind user authentication (-a) fails, but kerberos
> authentication succeeds
>
> I am having trouble setting up winbind authentication.
>
> I have successfully joined the domain
>
> winbind -t OK
> winbind -u OK
> winbind -g OK
> winbind -K 'DOMAIN\user%password' OK
> winbind -a 'DOMAIN\user%password' FAIL
> For winbind -a:
> Plaintext authentication is attempted, and fails with
> NT_STATUS_ACCESS_DENIED
> challenge/response authentication is attempted, and fails with
> NT_STATUS_ACCESS_DENIED
>
> Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest.
>
> I have previously configured many SAMBA servers
>
If you are joined to a Windows domain, you can update your RHEL to 5.5
and take advantage of Red Hat's Samba3x package. I wrote up a quickie
migration doc to get there:
https://wiki.uits.iu.edu/confluence-prd/pages/viewpage.action?pageId=116097702
It may be a good idea to migrate to it anyway to take advantages of
newer features.
- --
________
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkzBh18ACgkQup357T5MfTYAgACfeuGaOaI51WMgD86dVNCgzq4b
agkAoM2a2FT4qJSBC126yz1H/Zg/fCbP
=pzMb
-----END PGP SIGNATURE-----
More information about the samba
mailing list