[Samba] problems with authentication
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 5 08:12:57 UTC 2019
P.S.
Test 1, was done with an backend = AD
Just verified the other (older) proxy.
Debian Jessie, samba 4.8.12. ( also a proxy server )
Same result, all work great :-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: maandag 5 augustus 2019 10:08
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] problems with authentication
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: maandag 5 augustus 2019 9:59
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] problems with authentication
> >
> > On 05/08/2019 08:24, L.P.H. van Belle via samba wrote:
> > > Hai,
> > >
> > > I think this is an old bug.. ( pretty sure about it )
> > > And i suggest to dont change anything except smb.conf.
> > >
> > > Your trying to use kerbereros usersname.
> > > wbinfo -a marcio at EMPRESA.COM.BR
> > > Enter marcio at EMPRESA.COM.BR's password:
> > >
> > > And you using:
> > > winbind use default domain = yes
> > > This is and old bug somewhere in 4.5/4/6 i believe.
> > >
> > > Only change these, yes only slows down you server.
> > > winbind enum users = no
> > > winbind enum groups = no
> > >
> > > And then try this:
> > > wbinfo -a marcio
> > >
> > >
> > > I'll bet that works.
> > >
> > How much are you prepared to bet ;-)
>
> ALL IN.. ;-)
>
>
> root at rtd-gw2:~# wbinfo -a username
> Enter username's password:
> plaintext password authentication succeeded
> Enter username's password:
> challenge/response password authentication succeeded
>
> root at rtd-gw2:~# wbinfo -a BAZRTD\\username
> Enter BAZRTD\username's password:
> plaintext password authentication succeeded
> Enter BAZRTD\username's password:
> challenge/response password authentication succeeded
>
> root at rtd-gw2:~# wbinfo -a username at rotterdam.bazuin.nl
> Enter username at rotterdam.bazuin.nl's password:
> plaintext password authentication succeeded
> Enter username at rotterdam.bazuin.nl's password:
> challenge/response password authentication succeeded
>
> Server Debian Buster, samba 4.10.6 ( my new proxy ) ;-)
>
>
> Greetz,
>
> Louis
>
>
>
> >
> > This has never worked for me, but everything else seems to
> work, so I
> > ignore it:
> >
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a SAMDOM\\rowland
> > Enter SAMDOM\rowland's password:
> > plaintext password authentication succeeded
> > Enter SAMDOM\rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user SAMDOM\rowland with challenge/response
> > rowland at devstation:~$ kinit rowland
> > Password for rowland at SAMDOM.EXAMPLE.COM:
> > rowland at devstation:~$ wbinfo -a rowland
> > Enter rowland's password:
> > plaintext password authentication succeeded
> > Enter rowland's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland with challenge/response
> > rowland at devstation:~$ wbinfo -a rowland at SAMDOM.EXAMPLE.COM
> > Enter rowland at SAMDOM.EXAMPLE.COM's password:
> > plaintext password authentication succeeded
> > Enter rowland at SAMDOM.EXAMPLE.COM's password:
> > challenge/response password authentication failed
> > Could not authenticate user rowland at SAMDOM.EXAMPLE.COM with
> > challenge/response
> >
> > I am still going with the old favourite 'there are no uidNumber or
> > gidNumbers in AD', this is usually the problem. For some
> > reason people
> > think these magically appear in AD ;-)
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list