[Samba] AD logins fail
Yan Seiner
yan at seiner.com
Thu Sep 4 11:53:56 MDT 2014
On 09/03/2014 03:28 PM, Yan Seiner wrote:
>
> On 09/03/2014 03:23 PM, Yan Seiner wrote:
>> I migrated my config to a new server, and now logins against the AD
>> server are failing.
>>
>> If I try the correct password, I get:
>>
>> check_ntlm_password: Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_NO_SUCH_USER
>>
>> But if I try with a wrong password I get:
>>
>> check_ntlm_password: Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_WRONG_PASSWORD
>>
>> Where do I look?
>>
>> pam config:
>>
>> password [success=2 default=ignore] pam_unix.so obscure sha512
>> password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
>> password requisite pam_deny.so
>> password required pam_permit.so
>> password optional pam_smbpass.so nullok use_authtok use_first_pass
>>
>> nsswitch.conf:
>>
>> passwd: compat winbind
>> shadow: compat
>> group: compat winbind
>>
>> smb.conf:
>>
>> [global]
>> workgroup = HPM
>> netbios name = wiki
>> server string = %h server (roadtrekwiki)
>> log level = 2
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> security = ads
>> realm = HPM.NET
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> domain master = no
>> local master = no
>> preferred master = no
>> os level = 20
>> map to guest = bad user
>> map untrusted to domain = Yes
>>
>> wbinfo stuff:
>>
>> root@wiki:/etc/samba# wbinfo -D HPM
>> Name : HPM
>> Alt_Name : HPM.net
>> SID : S-1-5-21-2459339012-1500590541-72990266
>> Active Directory : Yes
>> Native : Yes
>> Primary : Yes
>> root@wiki:/etc/samba# wbinfo --own-domain
>> HPM
>> root@wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user yans
>> root@wiki:/etc/samba# wbinfo -u | grep yans
>> HPM\yans
>>
>> What in the world am I doing wrong?
> I just tried this:
>
> root@wiki:/etc/samba# wbinfo -a yans%xxxx
> plaintext password authentication failed
> Could not authenticate user yans%xxxx with plaintext password
> challenge/response password authentication succeeded
> root@wiki:/etc/samba#
>
> Now I'm really confused. :(
Hmmph....
Worked fine this morning. Must be Windows caching credentials or something.