[Samba] winbind stops working after first failed login

Danilo Godec danilo.godec at agenda.si
Fri Feb 18 06:36:21 MST 2011


Here is my setup.

samba+winbind on OpenSuse 11.3 (samba 3.5.4).

Using winbind to auth to another samba+ldap server.

Authentication works until first failed login:

host:~ # wbinfo -a prod\\user%goodpass
plaintext password authentication succeeded
challenge/response password authentication succeeded

host:~ # wbinfo -a prod\\user%badpass
plaintext password authentication failed
Could not authenticate user prod\user%badpass with plaintext password
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user prod\user with challenge/response

test:~ # wbinfo -a prod\\user%goodpass
plaintext password authentication failed
Could not authenticate user prod\user%goodpass with plaintext password
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user prod\user with challenge/response

Then I make:
host:~ # wbinfo -t
checking the trust secret for domain PROD via RPC calls succeeded

And then the login works again, until first failed login again.

I authenticate with winbind to the same server with another
samba+winbind machine (3.0.23d) and it works ok.

Could this be some kind of bug in 3.5.4 samba or is there a workaround
for this?

this is my client side (winbind) samba config:

[global]
        workgroup = PROD
#       passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes

        os level = 2
        time server = No
        local master = No
        preferred master = No
        unix extensions = Yes
        encrypt passwords = Yes
        log level = 3
        syslog = 0
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        wins server = 192.168.103.100
        name resolve order = hosts lmhosts wins bcast
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        security = domain
        password server = smblpp
#       winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template homedir = /home/%D/%U
        template shell = /bin/false



Any help would be appreciated.


-- 
Sebastijan Šilec, sistemska podpora

Predlog! Obiscite prenovljeno spletno stran http://www.agenda.si

ODPRTA KODA IN LINUX
STORITVE : POSLOVNE RESITVE : UPRAVLJANJE IT : INFRASTRUKTURA IT :
IZOBRAZEVANJE : PROGRAMSKA OPREMA

Visit our updated web page at http://www.agenda.si

OPEN SOURCE AND LINUX
SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE :
TRAINING : SOFTWARE




More information about the samba mailing list