[Samba] AD logins fail

Yan Seiner yan at seiner.com
Thu Sep 4 11:53:56 MDT 2014 

On 09/03/2014 03:28 PM, Yan Seiner wrote:
>
> On 09/03/2014 03:23 PM, Yan Seiner wrote:
>> I migrated my config to a new server, and now logins against the AD 
>> server are failing.
>>
>> If I try the correct password, I get:
>>
>> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
>> with error NT_STATUS_NO_SUCH_USER
>>
>> But if I try with a wrong password I get:
>>
>> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
>> with error NT_STATUS_WRONG_PASSWORD
>>
>> Where do I look?
>>
>> pam config:
>>
>> password        [success=2 default=ignore]      pam_unix.so obscure 
>> sha512
>> password        [success=1 default=ignore]      pam_winbind.so 
>> use_authtok try_first_pass
>> password        requisite                       pam_deny.so
>> password        required                        pam_permit.so
>> password        optional                        pam_smbpass.so nullok 
>> use_authtok use_first_pass
>>
>> nsswtich.conf:
>>
>> passwd:     compat winbind
>> shadow:     compat
>> group:      compat winbind
>>
>> smb.conf:
>>
>> [global]
>>    workgroup = HPM
>>    netbios name = wiki
>>    server string = %h server (roadtrekwiki)
>>    log level = 2
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    syslog = 0
>>    panic action = /usr/share/samba/panic-action %d
>>    security = ads
>>    realm = HPM.NET
>>
>>      idmap config *:backend = tdb
>>      idmap config *:range = 70001-80000
>>
>>    winbind enum users = yes
>>    winbind enum groups = yes
>>
>>      domain master = no
>>      local master = no
>>      preferred master = no
>>      os level = 20
>>      map to guest = bad user
>>      map untrusted to domain = Yes
>>
>> wbinfo stuff:
>>
>> root at wiki:/etc/samba# wbinfo -D HPM
>> Name              : HPM
>> Alt_Name          : HPM.net
>> SID               : S-1-5-21-2459339012-1500590541-72990266
>> Active Directory  : Yes
>> Native            : Yes
>> Primary           : Yes
>> root at wiki:/etc/samba# wbinfo --own-domain
>> HPM
>> root at wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user yans
>> root at wiki:/etc/samba# wbinfo -u | grep yans
>> HPM\yans
>>
>> What in the world am I doing wrong?
> I just tried this:
>
> root at wiki:/etc/samba# wbinfo -a yans%xxxx
> plaintext password authentication failed
> Could not authenticate user yans%xxxx with plaintext password
> challenge/response password authentication succeeded
> root at wiki:/etc/samba#
>
> Now I'm really confused.  :(
Hmmph....

Worked fine this morning.  Must be Windows caching credentials or something.

More information about the samba mailing list