[Samba] samba / winbind user authentication problem

Johannes Schmid smbml at rotfl.org
Sun Dec 9 06:14:29 MST 2012


I just wanted to answer my question in case anybody has the same problem 
and is looking for an answer...

On Sun, 02 Dec 2012 22:46, I wrote:

 > I have a problem with samba / winbind PAM authentication. Domain
 > controller is samba4, machines users log on to via PAM are samba 3.6
 > (all of them ubuntu 12.04 LTS). The whole user authentication was
 > working already, but after a reboot it somehow broke. Additional
 > reboots don't help.
> The funny thing is that all logs look quite OK to me (except for the
>single line saying NT_STATUS_LOGON_FAILURE).
> Also wbinfo only gives me positive feedback:
> # wbinfo --user-info john
> john:*:1001:2000::/home/john:/bin/bash
> [...]
> # wbinfo --pam-logon john
> Enter john's password: ********
> plaintext password authentication succeeded

The whole problem is coming from an old ubuntu help wiki page
suggesting to use:

	kerberos method = system keytab

in smb.conf -- instead you should be using:

	kerberos method = secrets and keytab

I somehow changed this line to match ubuntu documentation when debugging
a different problem and did not revert that change.
See https://bugzilla.samba.org/show_bug.cgi?id=6833

You should never blindly copy anything from the internet :)

Best regards,

More information about the samba mailing list