-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've had similar problems as well, though I was using Solaris 10u3. I never have had the time to dedicate to getting it working. On Solaris, getting the PAM/nsswitch stuff correct enough was my biggest problem (since on Solaris, PAM is a little different than Linux). One day.
=R Whit Blauvelt wrote: > Similar problem here, running Ubuntu Workstation 7.10 (so, also Debian). But > it looks like I'm failing a stop beyond you. > > Works > kinit > wbinfo -u > wbinfo -g > wbinfo -t > > Fails - but note last line is a different result: > wbinfo -a whit%<pass> > > plaintext password authentication failed > error code was NT_STATUS_NO_SUCH_USER (0xc0000064) > error messsage was: No such user > Could not authenticate user whit%<passwith plaintext password > challenge/response password authentication succeeded > > However, despite the "succeeded" message there, from another box I see: > > # smbclient //no3/ftp -Uwhit%<pass > > Domain=[ABC] OS=[Unix] Server=[Samba 3.0.26a] > tree connect failed: NT_STATUS_ACCESS_DENIED > > And from samba: > > [2008/02/16 15:05:30, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [whit] -[whit] -[whit] > succeeded > [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_administrators(792) > create_builtin_administrators: Failed to create Administrators > [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(914) > create_local_nt_token: Failed to create BUILTIN\Administrators group! > [2008/02/16 15:05:30, 0] auth/auth_util.c:create_builtin_users(758) > create_builtin_users: Failed to create Users > [2008/02/16 15:05:30, 2] auth/auth_util.c:create_local_nt_token(941) > create_local_nt_token: Failed to create BUILTIN\Users group! > [2008/02/16 15:05:30, 2] lib/access.c:check_access(323) > Allowed connection from (192.168.1.250) > [2008/02/16 15:05:30, 2] lib/access.c:check_access(323) > Allowed connection from (192.168.1.250) > [2008/02/16 15:05:30, 2] smbd/service.c:make_connection_snum(616) > user 'whit' (from session setup) not permitted to access this share (FTP) > > Despite that in smb.conf there is: > > [global] > winbind separator = \ > ... > [FTP] > valid users = ABC\whit > ... > > In looking around for docs, nothing is complete, nothing is well > cross-referenced with the rest, but this seems among the best: > http://wiki.samba.org/index.php/Samba_&_Active_Directory > > I've found some old posts to this list about the BUILTIN stuff I ran into > above, but just the problem reports, no description of the solution - or > even if the errors there have anything to do with the subsequent failure to > recognize that, yes samba, user 'whit' has explicit permission in smb.conf. > It also fails with "winbind use default domain" which reportedly should mean > no need to specify as "ABC\whit" but just "whit" should do. > > I've tried both krb5 and heimdal, with identical results. Curiously I was > able to get it working just if my nsswitch.conf listed _only_ winbind for > passwd: and group: entries - although of course without "compat" or "files" > on that line local system users time out and the system becomes unusable > after a short. The remote login then went fine though, using AD. WTF? > > Whit > > On Sat, Feb 16, 2008 at 05:00:07PM +0100, Rutger Beyen wrote: >> >> I'm trying to connect my Debian 4 samba box to my Windows 2003Server Active >> Directory. >> I successfully joined the domain, with net ads join. Wireshark captures a >> lot of packets going over the wire, and I get the message "joined the domain >> successfully". In my AD, under 'computers', the samba box appeared. So that >> all works. >> Asking a kerberos ticket for a user with kinit is also successful. So >> kerberos is working fine. >> >> Wbinfo -u gives me all the users I have in my AD, and wbinfo -g does the >> same with all the groups. wbinfo -t also working fine. >> But when I try wbinfo -a rutger%rutger, I get >> >> plaintext password authentication failed >> error code was NT_STATUS_NO_SUCH_USER (0xc0000064) >> error messsage was: No such user >> Could not authenticate user rutger%rutger with plaintext password >> challenge/response password authentication failed >> error code was NT_STATUS_NO_SUCH_USER (0xc0000064) >> error messsage was: No such user >> Could not authenticate user rutger with challenge/response >> >> Same result with wbinfo -K. It says the user does not exist, but it is there >> when I do a wbinfo -u. - -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH0BbLmb+gadEcsb4RAnySAKC0ay2yZz4vIpIrgEv6mXW7WRUTTACdGKAK okZoh2YoI+/W4NqMl3N1O08= =BEXM -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
