[Samba] Pam-logon failure for AD users

Sat Dec 12 08:53:05 UTC 2015

sorry for the late response Rowland,

I didn't change the smb.conf with the same smb.conf, i configured new AD
that works fine. Do you need to change the smb.conf could you please tell
me what i need to change specifically. And i also suspect that problem with
my AD server. But i am not able to find the exact problem, The confusion is
Ftp works with same pam working fine but cifs always shows access denied.
if password is wrong it shows Wrong password.

Regards,

Vigneshdhanraj G

On Thu, Dec 10, 2015 at 2:41 PM, Rowland penny <rpenny at samba.org> wrote:

> On 10/12/15 07:49, VigneshDhanraj G wrote:
>
>> Hi,
>>
>> This issue not solved, ftp and cifs using same way of authentication. but
>> when trying to access cifs it always shows the same ACCESS_DENIED error.
>>
>> Regards,
>>
>> Vigneshdhanraj G
>>
>>
>> On Tue, Nov 3, 2015 at 6:36 PM, Rowland Penny <
>> rowlandpenny241155 at gmail.com>
>> wrote:
>>
>> On 03/11/15 12:25, VigneshDhanraj G wrote:
>>>
>>> Hi Team,
>>>>
>>>> when i am running this command i am getting the following error
>>>> /usr/local/samba/bin/wbinfo --pam-logon="DOMAIN\testusr1"
>>>>
>>>> Enter DOMAIN\testusr1's password:
>>>> plaintext password authentication failed
>>>> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>>>> error message was: Access denied
>>>> pam_logon failed for DOMAIN\testusr1
>>>>
>>>> FTP and Cifs uses pam. Ftp authentication using domain working fine.
>>>> But,
>>>> Cifs showing ACCESS_DENIED error.
>>>>
>>>> Samba version : 4.1.17
>>>>
>>>> In winbindd.log i could see
>>>> [2015/11/03 11:59:46.377088, 10, pid=435, effective(0, 0), real(0, 0),
>>>> class=winbind] ../source3/winbindd/winbindd.c:755(wb_request_done)
>>>>     wb_request_done[559:PAM_AUTH_CRAP]: NT_STATUS_ACCESS_DENIED
>>>>
>>>> My smb.conf is
>>>>
>>>> available= yes
>>>> restrict anonymous= 0
>>>> server string= LenovoEMC™ px6-300d
>>>> Workgroup= DOMAIN
>>>> netbios name= Debian
>>>> realm= DOMAIN.LOCAL
>>>> password server= 192.168.1.100, *
>>>> idmap backend= tdb
>>>> idmap uid= 5000-9999999
>>>> idmap gid= 5000-9999999
>>>> security= ADS
>>>> name resolve order= wins host bcast lmhosts
>>>> client use spnego= yes
>>>> dns proxy= no
>>>> winbind use default domain= no
>>>> winbind nested groups= yes
>>>> inherit acls= yes
>>>> winbind enum users= yes
>>>> winbind enum groups= yes
>>>> winbind separator= \\
>>>> winbind cache time= 300
>>>> winbind offline logon= true
>>>> template shell= /bin/sh
>>>> map to guest= Bad User
>>>> host msdfs= yes
>>>> strict allocate= yes
>>>> encrypt passwords= yes
>>>> passdb backend= smbpasswd
>>>> printcap name= lpstat
>>>> printable= no
>>>> load printers= yes
>>>> max smbd processes= 500
>>>> getwd cache= yes
>>>> syslog= 0
>>>> use sendfile= yes
>>>> log level= 0
>>>> max log size= 50
>>>> unix extensions= no
>>>> dos charset= ascii
>>>> state directory= /mnt/system/samba/system
>>>>
>>>>
>>>> Windows client from which i am trying to access cifs is also connected
>>>> to
>>>> the domain.
>>>>
>>>>
>>>> Could anybody help me regarding this issue. Ftp and cifs both uses samba
>>>> authentication but cifs authentication alone showing authentication
>>>> error.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Vigneshdhanraj G
>>>> -- To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>> You seem to be connecting to an AD domain, it might help if you setup
>>> your
>>> smb.conf a bit differently, I would have a look here:
>>>
>>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>>
>>> adjust your smb.conf with reference to the above page and then follow the
>>> various links.
>>>
>>> Rowland
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
> Please post your new smb.conf
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>