[Samba] problems with authentication

L.P.H. van Belle belle at bazuin.nl
Mon Aug 5 08:08:12 UTC 2019


 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: maandag 5 augustus 2019 9:59
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] problems with authentication
> 
> On 05/08/2019 08:24, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > I think this is an old bug.. ( pretty sure about it )
> > And i suggest to dont change anything except smb.conf.
> >
> > Your trying to use kerbereros usersname.
> > wbinfo -a marcio at EMPRESA.COM.BR
> > Enter marcio at EMPRESA.COM.BR's password:
> >
> > And you using:
> > 	winbind use default domain = yes
> > This is and old bug somewhere in 4.5/4/6 i believe.
> >
> > Only change these, yes only slows down you server.
> >     winbind enum users = no
> >     winbind enum groups = no
> >
> > And then try this:
> > wbinfo -a marcio
> >
> >
> > I'll bet that works.
> >
> How much are you prepared to bet ;-)

ALL IN..  ;-) 


root at rtd-gw2:~# wbinfo -a username
Enter username's password:
plaintext password authentication succeeded
Enter username's password:
challenge/response password authentication succeeded

root at rtd-gw2:~# wbinfo -a BAZRTD\\username
Enter BAZRTD\username's password:
plaintext password authentication succeeded
Enter BAZRTD\username's password:
challenge/response password authentication succeeded

root at rtd-gw2:~# wbinfo -a username at rotterdam.bazuin.nl
Enter username at rotterdam.bazuin.nl's password:
plaintext password authentication succeeded
Enter username at rotterdam.bazuin.nl's password:
challenge/response password authentication succeeded

Server Debian Buster, samba 4.10.6 ( my new proxy )  ;-) 


Greetz, 

Louis



> 
> This has never worked for me, but everything else seems to work, so I 
> ignore it:
> 
> rowland at devstation:~$ wbinfo -a rowland
> Enter rowland's password:
> plaintext password authentication succeeded
> Enter rowland's password:
> challenge/response password authentication failed
> Could not authenticate user rowland with challenge/response
> rowland at devstation:~$ wbinfo -a rowland
> Enter rowland's password:
> plaintext password authentication succeeded
> Enter rowland's password:
> challenge/response password authentication failed
> Could not authenticate user rowland with challenge/response
> rowland at devstation:~$ wbinfo -a SAMDOM\\rowland
> Enter SAMDOM\rowland's password:
> plaintext password authentication succeeded
> Enter SAMDOM\rowland's password:
> challenge/response password authentication failed
> Could not authenticate user SAMDOM\rowland with challenge/response
> rowland at devstation:~$ kinit rowland
> Password for rowland at SAMDOM.EXAMPLE.COM:
> rowland at devstation:~$ wbinfo -a rowland
> Enter rowland's password:
> plaintext password authentication succeeded
> Enter rowland's password:
> challenge/response password authentication failed
> Could not authenticate user rowland with challenge/response
> rowland at devstation:~$ wbinfo -a rowland at SAMDOM.EXAMPLE.COM
> Enter rowland at SAMDOM.EXAMPLE.COM's password:
> plaintext password authentication succeeded
> Enter rowland at SAMDOM.EXAMPLE.COM's password:
> challenge/response password authentication failed
> Could not authenticate user rowland at SAMDOM.EXAMPLE.COM with 
> challenge/response
> 
> I am still going with the old favourite 'there are no uidNumber or 
> gidNumbers in AD', this is usually the problem. For some 
> reason people 
> think these magically appear in AD ;-)
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list