Re: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
On Wed, 2005-08-03 at 15:40 -0400, Tim P wrote: I am following the guide you wrote to incorporate an ipsec connection through the poptop pptpd daemon and into a windows domain via samba. I have followed it (http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf) and am getting the following with my dianostics: [EMAIL PROTECTED] etc]# nmbd start [EMAIL PROTECTED] etc]# winbindd start [EMAIL PROTECTED] etc]# pptpd start [EMAIL PROTECTED] etc]# wbinfo -p Ping to winbindd succeeded on fd 4 [EMAIL PROTECTED] etc]# wbinfo -t checking the trust secret via RPC calls succeeded [EMAIL PROTECTED] etc]# ntlm_auth --username=user --domain=mydomain password: NT_STATUS_OK: Success (0x0) [EMAIL PROTECTED] etc]# ntlm_auth --username=user --domain=mydomain --diagnostics The failure of the NTLMv2 tests should not be a problem for ppp (MSCHAP/MSCHAPv2) logins, because NTLMv2 is not actually used for this. (These use a variation on the traditional NLTMv1). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
I am following the guide you wrote to incorporate an ipsec connection through the poptop pptpd daemon and into a windows domain via samba. I have followed it (http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf) and am getting the following with my dianostics: [EMAIL PROTECTED] etc]# nmbd start [EMAIL PROTECTED] etc]# winbindd start [EMAIL PROTECTED] etc]# pptpd start [EMAIL PROTECTED] etc]# wbinfo -p Ping to winbindd succeeded on fd 4 [EMAIL PROTECTED] etc]# wbinfo -t checking the trust secret via RPC calls succeeded [EMAIL PROTECTED] etc]# ntlm_auth --username=user --domain=mydomain password: NT_STATUS_OK: Success (0x0) [EMAIL PROTECTED] etc]# ntlm_auth --username=user --domain=mydomain --diagnostics password: Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 failed! Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2 failed! Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test LMv2 failed! Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2, LMv2 broken failed! Wrong Password (0xc06a) Wrong Password (0xc06a) Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext failed! Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM broken failed! Wrong Password (0xc06a) Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext NT only failed! Wrong Password (0xc06a) [2005/08/03 15:36:50, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM only failed! [EMAIL PROTECTED] etc]# Here is the relavant part of my smb.conf also: [global] workgroup = MYDOMAIN realm = MYDOMAIN.ORG security = ads client NTLMv2 auth = yes I am using samba 3.0.14a -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
On Thu, 2005-07-28 at 10:57 -0400, Tim P wrote: I upgraded as well after seeing your post but it still gives me the same error. Any log files I should be looking at on windows or the samba side. I know the password is correct, I logged into windows with it and didn't fat-finger it. There is clearly some more we need to understand about NTLMv2 in these environments. The plaintext failures don't matter, nor do the 'wrong password' warnings on tests that don't spit out a 'test failed' message. This testsuite has been migrated to Samba4, where the RPC-SAMLOGON smbtorture test tests a few more combinations of this area. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
I upgraded as well after seeing your post but it still gives me the same error. Any log files I should be looking at on windows or the samba side. I know the password is correct, I logged into windows with it and didn't fat-finger it. On 7/27/05, Bob Bostwick (Lists) [EMAIL PROTECTED] wrote: I solved this issue by updating the 2003 AD Servers to SP1. Regards, Bob Bostwick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
I solved this issue by updating the 2003 AD Servers to SP1. Regards, Bob Bostwick -Original Message- From: Tim P [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 10:18 AM To: samba@lists.samba.org Subject: [Samba] NTLMv2 - wrong password with samba? I have samba 3.0.14-5 installed (installed via Fedora Core 4's Yum) I have enabled client NTLMv2 auth = yes in smb.conf When I run ntlm_auth --username=user --domain=MYDOM it connects fine (change user and MYDOM to be my user and my domain) When I run ntlm_auth --username=user --domain=MYDOM --diagnostics it fails on all tests with wrong password which is incorrect, I know its the right password, I was very careful with it and have reset it to make sure This is connecting to a 2003 active directory domain, I have successfully joined the machine to the domain and am able to get a list of users and groups without issue Here is the output of ntlm_auth --username=user --domain=MYDOM --diagnostics I have sanatized it to use user and MYDOM [EMAIL PROTECTED] samba]# ntlm_auth --username=user --domain=MYDOM --diagnostics password: Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 failed! Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2 failed! Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test LMv2 failed! Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2, LMv2 broken failed! Wrong Password (0xc06a) Wrong Password (0xc06a) Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext failed! Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM broken failed! Wrong Password (0xc06a) Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext NT only failed! Wrong Password (0xc06a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM only failed! [EMAIL PROTECTED] samba]# My smb.conf has the following in it that I have added [global] workgroup = MYDOM realm = MYDOM.ORG security = ads client NTLMv2 auth = yes Is there perhaps some setting I need to set in windows AD to allow me to connect this way (such as enabling remote access) or something on the samba side that I missed? Any advice is greatly appreciated, Thanks Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
