[Samba] AD logins fail
Yan Seiner
yan at seiner.com
Wed Sep 3 16:23:02 MDT 2014
I migrated my config to a new server, and now logins against the AD
server are failing.
If I try the correct password, I get:
check_ntlm_password: Authentication for user [yans] -> [yans] FAILED
with error NT_STATUS_NO_SUCH_USER
But if I try with a wrong password I get:
check_ntlm_password: Authentication for user [yans] -> [yans] FAILED
with error NT_STATUS_WRONG_PASSWORD
Where do I look?
pam config:
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so
use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_smbpass.so nullok
use_authtok use_first_pass
nsswtich.conf:
passwd: compat winbind
shadow: compat
group: compat winbind
smb.conf:
[global]
workgroup = HPM
netbios name = wiki
server string = %h server (roadtrekwiki)
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
realm = HPM.NET
idmap config *:backend = tdb
idmap config *:range = 70001-80000
winbind enum users = yes
winbind enum groups = yes
domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
map untrusted to domain = Yes
wbinfo stuff:
root at wiki:/etc/samba# wbinfo -D HPM
Name : HPM
Alt_Name : HPM.net
SID : S-1-5-21-2459339012-1500590541-72990266
Active Directory : Yes
Native : Yes
Primary : Yes
root at wiki:/etc/samba# wbinfo --own-domain
HPM
root at wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user yans
root at wiki:/etc/samba# wbinfo -u | grep yans
HPM\yans
What in the world am I doing wrong?
More information about the samba
mailing list