[Samba] problems with authentication

L.P.H. van Belle belle at bazuin.nl
Mon Aug 5 08:12:57 UTC 2019


P.S.

Test 1, was done with an backend = AD
Just verified the other (older) proxy. 

Debian Jessie, samba 4.8.12.  ( also a proxy server ) 
Same result, all work great :-) 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: maandag 5 augustus 2019 10:08
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] problems with authentication
> 
>  
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Rowland penny via samba
> > Verzonden: maandag 5 augustus 2019 9:59
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] problems with authentication
> > 
> > On 05/08/2019 08:24, L.P.H. van Belle via samba wrote:
> > > Hai,
> > >
> > > I think this is an old bug.. ( pretty sure about it )
> > > And i suggest to dont change anything except smb.conf.
> > >
> > > Your trying to use kerbereros usersname.
> > > wbinfo -a marcio at EMPRESA.COM.BR
> > > Enter marcio at EMPRESA.COM.BR's password:
> > >
> > > And you using:
> > > 	winbind use default domain = yes
> > > This is and old bug somewhere in 4.5/4/6 i believe.
> > >
> > > Only change these, yes only slows down you server.
> > >     winbind enum users = no
> > >     winbind enum groups = no
> > >
> > > And then try this:
> > > wbinfo -a marcio
> > >
> > >
> > > I'll bet that works.
> > >
> > How much are you prepared to bet ;-)
> 
> ALL IN..  ;-) 
> 
> 
> root at rtd-gw2:~# wbinfo -a username
> Enter username's password:
> plaintext password authentication succeeded
> Enter username's password:
> challenge/response password authentication succeeded
> 
> root at rtd-gw2:~# wbinfo -a BAZRTD\\username
> Enter BAZRTD\username's password:
> plaintext password authentication succeeded
> Enter BAZRTD\username's password:
> challenge/response password authentication succeeded
> 
> root at rtd-gw2:~# wbinfo -a username at rotterdam.bazuin.nl
> Enter username at rotterdam.bazuin.nl's password:
> plaintext password authentication succeeded
> Enter username at rotterdam.bazuin.nl's password:
> challenge/response password authentication succeeded
> 
> Server Debian Buster, samba 4.10.6 ( my new proxy )  ;-) 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > 
> > This has never worked for me, but everything else seems to 
> work, so I 
> > ignore it:
> > 
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a SAMDOM\\rowland
> > Enter SAMDOM\rowland's password:
> > plaintext password authentication succeeded
> > Enter SAMDOM\rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user SAMDOM\rowland with challenge/response
> > rowland at devstation:~$ kinit rowland
> > Password for rowland at SAMDOM.EXAMPLE.COM:
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a rowland at SAMDOM.EXAMPLE.COM
> > Enter rowland at SAMDOM.EXAMPLE.COM's password:
> > plaintext password authentication succeeded
> > Enter rowland at SAMDOM.EXAMPLE.COM's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland at SAMDOM.EXAMPLE.COM with 
> > challenge/response
> > 
> > I am still going with the old favourite 'there are no uidNumber or 
> > gidNumbers in AD', this is usually the problem. For some 
> > reason people 
> > think these magically appear in AD ;-)
> > 
> > Rowland
> > 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list