[Samba] problems with authentication
Rowland penny
rpenny at samba.org
Mon Aug 5 07:58:45 UTC 2019
On 05/08/2019 08:24, L.P.H. van Belle via samba wrote:
> Hai,
>
> I think this is an old bug.. ( pretty sure about it )
> And i suggest to dont change anything except smb.conf.
>
> Your trying to use kerbereros usersname.
> wbinfo -a marcio at EMPRESA.COM.BR
> Enter marcio at EMPRESA.COM.BR's password:
>
> And you using:
> winbind use default domain = yes
> This is and old bug somewhere in 4.5/4/6 i believe.
>
> Only change these, yes only slows down you server.
> winbind enum users = no
> winbind enum groups = no
>
> And then try this:
> wbinfo -a marcio
>
>
> I'll bet that works.
>
How much are you prepared to bet ;-)
This has never worked for me, but everything else seems to work, so I
ignore it:
rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a SAMDOM\\rowland
Enter SAMDOM\rowland's password:
plaintext password authentication succeeded
Enter SAMDOM\rowland's password:
challenge/response password authentication failed
Could not authenticate user SAMDOM\rowland with challenge/response
rowland at devstation:~$ kinit rowland
Password for rowland at SAMDOM.EXAMPLE.COM:
rowland at devstation:~$ wbinfo -a rowland
Enter rowland's password:
plaintext password authentication succeeded
Enter rowland's password:
challenge/response password authentication failed
Could not authenticate user rowland with challenge/response
rowland at devstation:~$ wbinfo -a rowland at SAMDOM.EXAMPLE.COM
Enter rowland at SAMDOM.EXAMPLE.COM's password:
plaintext password authentication succeeded
Enter rowland at SAMDOM.EXAMPLE.COM's password:
challenge/response password authentication failed
Could not authenticate user rowland at SAMDOM.EXAMPLE.COM with
challenge/response
I am still going with the old favourite 'there are no uidNumber or
gidNumbers in AD', this is usually the problem. For some reason people
think these magically appear in AD ;-)
Rowland
More information about the samba
mailing list