[Samba] winbind stops working after first failed login
Danilo Godec
danilo.godec at agenda.si
Fri Feb 18 06:36:21 MST 2011
Here is my setup.
samba+winbind on OpenSuse 11.3 (samba 3.5.4).
Using winbind to auth to another samba+ldap server.
Authentication works until first failed login:
host:~ # wbinfo -a prod\\user%goodpass
plaintext password authentication succeeded
challenge/response password authentication succeeded
host:~ # wbinfo -a prod\\user%badpass
plaintext password authentication failed
Could not authenticate user prod\user%badpass with plaintext password
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user prod\user with challenge/response
test:~ # wbinfo -a prod\\user%goodpass
plaintext password authentication failed
Could not authenticate user prod\user%goodpass with plaintext password
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user prod\user with challenge/response
Then I make:
host:~ # wbinfo -t
checking the trust secret for domain PROD via RPC calls succeeded
And then the login works again, until first failed login again.
I authenticate with winbind to the same server with another
samba+winbind machine (3.0.23d) and it works ok.
Could this be some kind of bug in 3.5.4 samba or is there a workaround
for this?
this is my client side (winbind) samba config:
[global]
workgroup = PROD
# passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
os level = 2
time server = No
local master = No
preferred master = No
unix extensions = Yes
encrypt passwords = Yes
log level = 3
syslog = 0
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins server = 192.168.103.100
name resolve order = hosts lmhosts wins bcast
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
security = domain
password server = smblpp
# winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/%D/%U
template shell = /bin/false
Any help would be appreciated.
--
Sebastijan Šilec, sistemska podpora
Predlog! Obiscite prenovljeno spletno stran http://www.agenda.si
ODPRTA KODA IN LINUX
STORITVE : POSLOVNE RESITVE : UPRAVLJANJE IT : INFRASTRUKTURA IT :
IZOBRAZEVANJE : PROGRAMSKA OPREMA
Visit our updated web page at http://www.agenda.si
OPEN SOURCE AND LINUX
SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE :
TRAINING : SOFTWARE
More information about the samba
mailing list