[Samba] problems with authentication

Marcio Demetrio Bacci marciobacci at gmail.com
Sun Aug 4 22:18:50 UTC 2019


Hi,

I set up Samba 4 on Debian 9.9 as a domain member server, but
authentication is not working, as follows:

root@srv-proxy:/etc/samba# wbinfo -a marcio@EMPRESA.COM.BR
Enter marcio@EMPRESA.COM.BR's password:
plaintext password authentication succeeded
Enter marcio@EMPRESA.COM.BR's password:
challenge/response password authentication failed
wbcAuthenticateUserEx(+marcio@EMPRESA.COM.BR): error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error message was: Wrong Password
Could not authenticate user marcio@EMPRESA.COM.BR with challenge/response

My password is correct!
#############################################
My DCs are:
Primary: Samba 4 DC (Debian 9.9)
Secondary: Windows Server 2008

My configuration files follow:

SMB.CONF

[global]
  netbios name = SRV-PROXY
  workgroup = EMPRESA
  security = ADS
  realm = EMPRESA.COM.BR
  encrypt passwords = yes

  idmap config *:backend = tdb
  idmap config *:range = 3000-7999
  idmap config EMPRESA:backend = ad
  idmap config EMPRESA:schema_mode = rfc2307
  idmap config EMPRESA:range = 100000-999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

##############################################

NSSWITCH.CONF

root@srv-proxy:/etc/samba# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
########################################################################

root@srv-proxy:/etc# net ads join -Uadministrator
Enter marcio's password:
Using short domain name -- EMPRESA
Joined 'SRV-PROXY' to dns domain 'empresa.com.br'

root@srv-proxy:/etc# net ads testjoin
Join is OK


root@srv-proxy:/etc/samba# kinit marcio
Password for marcio@EMPRESA.COM.BR:
root@srv-proxy:/etc/samba# klist -l
Principal name                 Cache name
--------------                 ----------
marcio@EMPRESA.COM.BR          FILE:/tmp/krb5cc_0

#####################################################################

The wbinfo -g and wbinfo -u commands are working properly.


Could anybody help me?

Regards,

Márcio Bacci

