[Samba] AD logins fail

Yan Seiner yan at seiner.com
Wed Sep 3 16:28:53 MDT 2014


On 09/03/2014 03:23 PM, Yan Seiner wrote:
> I migrated my config to a new server, and now logins against the AD 
> server are failing.
>
> If I try the correct password, I get:
>
> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_NO_SUCH_USER
>
> But if I try with a wrong password I get:
>
> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_WRONG_PASSWORD
>
> Where do I look?
>
> pam config:
>
> password        [success=2 default=ignore]      pam_unix.so obscure sha512
> password        [success=1 default=ignore]      pam_winbind.so use_authtok try_first_pass
> password        requisite                       pam_deny.so
> password        required                        pam_permit.so
> password        optional                        pam_smbpass.so nullok use_authtok use_first_pass
>
> nsswitch.conf:
>
> passwd:     compat winbind
> shadow:     compat
> group:      compat winbind
>
> smb.conf:
>
> [global]
>    workgroup = HPM
>    netbios name = wiki
>    server string = %h server (roadtrekwiki)
>    log level = 2
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = ads
>    realm = HPM.NET
>
>    idmap config *:backend = tdb
>    idmap config *:range = 70001-80000
>
>    winbind enum users = yes
>    winbind enum groups = yes
>
>    domain master = no
>    local master = no
>    preferred master = no
>    os level = 20
>    map to guest = bad user
>    map untrusted to domain = Yes
>
> wbinfo stuff:
>
> root@wiki:/etc/samba# wbinfo -D HPM
> Name              : HPM
> Alt_Name          : HPM.net
> SID               : S-1-5-21-2459339012-1500590541-72990266
> Active Directory  : Yes
> Native            : Yes
> Primary           : Yes
> root@wiki:/etc/samba# wbinfo --own-domain
> HPM
> root@wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user yans
> root@wiki:/etc/samba# wbinfo -u | grep yans
> HPM\yans
>
> What in the world am I doing wrong?
I just tried this:

root@wiki:/etc/samba# wbinfo -a yans%xxxx
plaintext password authentication failed
Could not authenticate user yans%xxxx with plaintext password
challenge/response password authentication succeeded
root@wiki:/etc/samba#

Now I'm really confused.  :(

