I've been stuck on this one for days and can't seem to find anything referencing the same problem; help would be greatly appreciated. I have a functioning Samba 3.5.4-63 installation acting as a PDC - users can log in from Windows 7 machines without problems etc. etc.
The issue is with using wbinfo -a to authenticate users (without going into too much detail, I'm trying to use the ntlm_auth helper for Squid, and I think this error might be the best indication I've found as to why that isn't working.) wbinfo -u/-g both return the correct lists of users/groups as winbind is up and running, but I can't get it to authorize any of them: [[email protected] - ~]# wbinfo -a DOMAIN+user%password plaintext password authentication failed Could not authenticate user DOMAIN+user%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc0000008) error messsage was: Invalid handle Could not authenticate user DOMAIN+user with challenge/response Perhaps this is just an error in usage, but I have also tried many other variations (e.g. just user%password, DOMAIN+user - typing password when prompted, etc.) If I use WRONGDOMAIN+user the error does change to NT_STATUS_NO_SUCH_USER, but DOMAIN+wronguser still gives INVALID_HANDLE. The only log entries that seem to correlate to these attempts are in /var/log/log.wb-DOMAIN: [2010/08/17 10:52:48.288391, 2] winbindd/winbindd_pam.c:1724(winbindd_dual_pam_auth) Plain-text authentication for user DOMAIN+user returned NT_STATUS_INVALID_HANDLE (PAM: 4) [2010/08/17 10:52:55.887613, 2] winbindd/winbindd_pam.c:2003(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [DOMAIN]\[user] returned NT_STATUS_INVALID_HANDLE (PAM: 4) I'll include the global section of my smb.conf; please let me know if there is any more relevant information I can provide. [global] workgroup = domain server string = domain netbios name = domain bind interfaces only = yes interfaces = eth1 lo smb ports = 139 os level = 35 domain master = yes preferred master = yes domain logons = yes wins support = yes dns proxy = yes idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes # Security security = user hosts allow = 10.10.10. 127. hide dot files = yes unix password sync = yes encrypt passwords = yes passwd program = /usr/bin/passwd %u passdb backend = tdbsam # Directories logon path = \\%L\profiles\%U logon drive = Z: logon home = \\%L\%U logon script = logon.bat # Scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g users %u -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
