[Samba] problems with authentication
Marcio Demetrio Bacci
marciobacci at gmail.com
Sun Aug 4 22:18:50 UTC 2019
Hi,
I set up a samba 4 in Debian 9.9 as a Domain member server, but
authentication is not working as follows:
root at srv-proxy:/etc/samba# wbinfo -a marcio at EMPRESA.COM.BR
Enter marcio at EMPRESA.COM.BR's password:
plaintext password authentication succeeded
Enter marcio at EMPRESA.COM.BR's password:
challenge/response password authentication failed
wbcAuthenticateUserEx(+marcio at EMPRESA.COM.BR): error code was
NT_STATUS_WRONG_PASSWORD (0xc000006a)
error message was: Wrong Password
Could not authenticate user marcio at EMPRESA.COM.BR with challenge/response
My password is correct!
#############################################
My DC are:
Primary: Samba 4 DC (Debian 9.9)
Secondary: Windows Server 2008
Follows my configurations files:
SMB.CONF
[global]
netbios name = SRV-PROXY
workgroup = EMPRESA
security = ADS
realm = EMPRESA.COM.BR
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config EMPRESA:backend = ad
idmap config EMPRESA:schema_mode = rfc2307
idmap config EMPRESA:range = 100000-999999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
##############################################
NSSWITCH.CONF
root at srv-proxy:/etc/samba# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat winbind
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
########################################################################
root at srv-proxy:/etc# net ads join -Uadministrator
Enter marcio's password:
Using short domain name -- EMPRESA
Joined 'SRV-PROXY' to dns domain 'empresa.com.br'
root at srv-proxy:/etc# net ads testjoin
Join is OK
root at srv-proxy:/etc/samba# kinit marcio
Password for marcio at EMPRESA.COM.BR:
root at srv-proxy:/etc/samba# klist -l
Principal name Cache name
-------------- ----------
marcio at EMPRESA.COM.BR FILE:/tmp/krb5cc_0
#####################################################################
The wbinfo -g and wbinfo -u commands are working properly.
Could anybody help me?
Regards,
Márcio Bacci
More information about the samba
mailing list