[Samba] Pam-logon failure for AD users

VigneshDhanraj G vigneshdhanraj.g at gmail.com
Thu Dec 10 07:49:57 UTC 2015 

Hi,

This issue not solved, ftp and cifs using same way of authentication. but
when trying to access cifs it always shows the same ACCESS_DENIED error.

Regards,

Vigneshdhanraj G


On Tue, Nov 3, 2015 at 6:36 PM, Rowland Penny <rowlandpenny241155 at gmail.com>
wrote:

> On 03/11/15 12:25, VigneshDhanraj G wrote:
>
>> Hi Team,
>>
>> when i am running this command i am getting the following error
>> /usr/local/samba/bin/wbinfo --pam-logon="DOMAIN\testusr1"
>>
>> Enter DOMAIN\testusr1's password:
>> plaintext password authentication failed
>> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>> error message was: Access denied
>> pam_logon failed for DOMAIN\testusr1
>>
>> FTP and Cifs uses pam. Ftp authentication using domain working fine. But,
>> Cifs showing ACCESS_DENIED error.
>>
>> Samba version : 4.1.17
>>
>> In winbindd.log i could see
>> [2015/11/03 11:59:46.377088, 10, pid=435, effective(0, 0), real(0, 0),
>> class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done)
>>    wb_request_done[559:PAM_AUTH_CRAP]: NT_STATUS_ACCESS_DENIED
>>
>> My smb.conf is
>>
>> available= yes
>> restrict anonymous= 0
>> server string= LenovoEMC™ px6-300d
>> Workgroup= DOMAIN
>> netbios name= Debian
>> realm= DOMAIN.LOCAL
>> password server= 192.168.1.100, *
>> idmap backend= tdb
>> idmap uid= 5000-9999999
>> idmap gid= 5000-9999999
>> security= ADS
>> name resolve order= wins host bcast lmhosts
>> client use spnego= yes
>> dns proxy= no
>> winbind use default domain= no
>> winbind nested groups= yes
>> inherit acls= yes
>> winbind enum users= yes
>> winbind enum groups= yes
>> winbind separator= \\
>> winbind cache time= 300
>> winbind offline logon= true
>> template shell= /bin/sh
>> map to guest= Bad User
>> host msdfs= yes
>> strict allocate= yes
>> encrypt passwords= yes
>> passdb backend= smbpasswd
>> printcap name= lpstat
>> printable= no
>> load printers= yes
>> max smbd processes= 500
>> getwd cache= yes
>> syslog= 0
>> use sendfile= yes
>> log level= 0
>> max log size= 50
>> unix extensions= no
>> dos charset= ascii
>> state directory= /mnt/system/samba/system
>>
>>
>> Windows client from which i am trying to access cifs is also connected to
>> the domain.
>>
>>
>> Could anybody help me regarding this issue. Ftp and cifs both uses samba
>> authentication but cifs authentication alone showing authentication error.
>>
>>
>>
>> Regards,
>>
>> Vigneshdhanraj G
>> -- To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
> You seem to be connecting to an AD domain, it might help if you setup your
> smb.conf a bit differently, I would have a look here:
>
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> adjust your smb.conf with reference to the above page and then follow the
> various links.
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list