[Samba] problems with authentication

Rowland penny rpenny at samba.org
Mon Aug 5 07:58:45 UTC 2019 

On 05/08/2019 08:24, L.P.H. van Belle via samba wrote:
> Hai,
>
> I think this is an old bug.. ( pretty sure about it )
> And i suggest to dont change anything except smb.conf.
>
> Your trying to use kerbereros usersname.
> wbinfo -a marcio at EMPRESA.COM.BR
> Enter marcio at EMPRESA.COM.BR's password:
>
> And you using:
> 	winbind use default domain = yes
> This is and old bug somewhere in 4.5/4/6 i believe.
>
> Only change these, yes only slows down you server.
>     winbind enum users = no
>     winbind enum groups = no
>
> And then try this:
> wbinfo -a marcio
>
>
> I'll bet that works.
>
How much are you prepared to bet ;-)

This has never worked for me, but everything else seems to work, so I 
ignore it:

rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a SAMDOM\\rowland
Enter SAMDOM\rowland's password:
plaintext password authentication succeeded
Enter SAMDOM\rowland's password:
challenge/response password authentication failed
Could not authenticate user SAMDOM\rowland with challenge/response
rowland at devstation:~$ kinit rowland
Password for rowland at SAMDOM.EXAMPLE.COM:
rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a rowland at SAMDOM.EXAMPLE.COM
Enter rowland at SAMDOM.EXAMPLE.COM's password:
plaintext password authentication succeeded
Enter rowland at SAMDOM.EXAMPLE.COM's password:
challenge/response password authentication failed
Could not authenticate user rowland at SAMDOM.EXAMPLE.COM with 
challenge/response

I am still going with the old favourite 'there are no uidNumber or 
gidNumbers in AD', this is usually the problem. For some reason people 
think these magically appear in AD ;-)

Rowland

More information about the samba mailing list