[Samba] Winbind authentication from different domain not working

C. de Man c.deman82 at gmail.com
Sat Feb 17 15:23:23 UTC 2018


I’ve removed the following line from smb.conf:
> 
>> winbind use default domain = Yes
> Although we are using it on a different server (which has direct access to all DCs from both domains).
> And we are able to log on with credentials from a different domain
> by using "ssh -l DOMAINA+username SERVER02".
> 
>> We now come to the domain ranges, they must not overlap. Your '*' range
>> is set to '1000000-199999999', the domaina, domainb and domainc ranges
>> are all inside this range.
> 
> I need to look into this as this has been used all over the network.
> Not sure what the impact would be on our Samba servers which are sharing files via SMB.
> Maybe we didn’t have issues so far as we are only doing SMB sharing in 1 domain (DOMAINA).
> 
>> From what you have posted, your realm & workgroup are identical
>> 'DOMAINB', I would have expected the realm to have been something like
>> 'DOMAINB.TLD'
> 
> You are correct; when changing the original names I left out the TLD part, which is .INTRA -> DOMAINB.INTRA
> 
> Output of the /var/log/secure log file during a failed login attempt:
> Feb 17 09:53:22 SERVER01 sshd[8671]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTHINFO_UNAVAIL (9), NTSTATUS: NT_STATUS_NO_LOGON_SERVERS, Error message was: No logon servers
> Feb 17 09:53:22 SERVER01 sshd[8671]: pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'DOMAINA+username')
> Permission denied, please try again.
> DOMAINA+username at SERVER01.DOMAINB.intra's password:
> Feb 17 09:53:24 SERVER01 sshd[8671]: Failed password for DOMAINA+username from IP_ADDRESS port 39242 ssh2
> 
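
An added example, not part of the original message and not Samba's own code: a small Python check for the idmap range overlap described in the quoted reply. The '*' range is the one quoted in the thread; the per-domain ranges and the corrected '*' range are constructed values, and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment. Only the '*' range comes from the thread;
# the per-domain ranges are invented values that sit inside it.
SAMPLE_SMB_CONF = """
[global]
    workgroup = DOMAINB
    realm = DOMAINB.INTRA
    idmap config * : range = 1000000-199999999
    idmap config DOMAINA : range = 2000000-2999999
    idmap config DOMAINB : range = 3000000-3999999
    idmap config DOMAINC : range = 4000000-4999999
"""
# Constructed corrected layout: the default range moved below the domains.
FIXED_SMB_CONF = SAMPLE_SMB_CONF.replace("1000000-199999999", "3000-7999")

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(text):
    """Return {domain: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment
        m = RANGE_RE.match(line)
        if m:
            low, high = int(m.group(2)), int(m.group(3))
            if low > high:
                raise ValueError(f"inverted range for {m.group(1)}")
            ranges[m.group(1).upper()] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return sorted (dom_a, dom_b) pairs whose ID ranges intersect."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    overlaps = []
    for i, (a, (_, a_hi)) in enumerate(items):
        for b, (b_lo, _) in items[i + 1:]:
            if b_lo > a_hi:
                break  # sorted by low bound: nothing later can reach a
            overlaps.append(tuple(sorted((a, b))))
    return sorted(overlaps)

if __name__ == "__main__":
    for a, b in find_overlaps(parse_idmap_ranges(SAMPLE_SMB_CONF)):
        print(f"overlap: {a} <-> {b}")
```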


