[Samba] Pam-logon failure for AD users

Rowland penny rpenny at samba.org
Thu Dec 10 09:11:33 UTC 2015


On 10/12/15 07:49, VigneshDhanraj G wrote:
> Hi,
>
> This issue not solved, ftp and cifs using same way of authentication. but
> when trying to access cifs it always shows the same ACCESS_DENIED error.
>
> Regards,
>
> Vigneshdhanraj G
>
>
> On Tue, Nov 3, 2015 at 6:36 PM, Rowland Penny <rowlandpenny241155 at gmail.com>
> wrote:
>
>> On 03/11/15 12:25, VigneshDhanraj G wrote:
>>
>>> Hi Team,
>>>
>>> when i am running this command i am getting the following error
>>> /usr/local/samba/bin/wbinfo --pam-logon="DOMAIN\testusr1"
>>>
>>> Enter DOMAIN\testusr1's password:
>>> plaintext password authentication failed
>>> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>>> error message was: Access denied
>>> pam_logon failed for DOMAIN\testusr1
>>>
>>> FTP and Cifs uses pam. Ftp authentication using domain working fine. But,
>>> Cifs showing ACCESS_DENIED error.
>>>
>>> Samba version : 4.1.17
>>>
>>> In winbindd.log i could see
>>> [2015/11/03 11:59:46.377088, 10, pid=435, effective(0, 0), real(0, 0),
>>> class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done)
>>>     wb_request_done[559:PAM_AUTH_CRAP]: NT_STATUS_ACCESS_DENIED
>>>
>>> My smb.conf is
>>>
>>> available= yes
>>> restrict anonymous= 0
>>> server string= LenovoEMC™ px6-300d
>>> Workgroup= DOMAIN
>>> netbios name= Debian
>>> realm= DOMAIN.LOCAL
>>> password server= 192.168.1.100, *
>>> idmap backend= tdb
>>> idmap uid= 5000-9999999
>>> idmap gid= 5000-9999999
>>> security= ADS
>>> name resolve order= wins host bcast lmhosts
>>> client use spnego= yes
>>> dns proxy= no
>>> winbind use default domain= no
>>> winbind nested groups= yes
>>> inherit acls= yes
>>> winbind enum users= yes
>>> winbind enum groups= yes
>>> winbind separator= \\
>>> winbind cache time= 300
>>> winbind offline logon= true
>>> template shell= /bin/sh
>>> map to guest= Bad User
>>> host msdfs= yes
>>> strict allocate= yes
>>> encrypt passwords= yes
>>> passdb backend= smbpasswd
>>> printcap name= lpstat
>>> printable= no
>>> load printers= yes
>>> max smbd processes= 500
>>> getwd cache= yes
>>> syslog= 0
>>> use sendfile= yes
>>> log level= 0
>>> max log size= 50
>>> unix extensions= no
>>> dos charset= ascii
>>> state directory= /mnt/system/samba/system
>>>
>>>
>>> Windows client from which i am trying to access cifs is also connected to
>>> the domain.
>>>
>>>
>>> Could anybody help me regarding this issue. Ftp and cifs both uses samba
>>> authentication but cifs authentication alone showing authentication error.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Vigneshdhanraj G
>>> -- To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>> You seem to be connecting to an AD domain, it might help if you setup your
>> smb.conf a bit differently, I would have a look here:
>>
>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>
>> adjust your smb.conf with reference to the above page and then follow the
>> various links.
>>
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

Please post your new smb.conf

Rowland




More information about the samba mailing list