Re: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
I have tried various settings for the Authentication Methods, all with similar results, currently set for NTLMv2 only. I don't know why wbinfo attempts plaintext auth when it is turned off in smb.conf. Also I have upgraded to the latest Samba available from RedHat, which did at least allow me to do on the fly account creation. I thought the two symptoms were linked, but obviously I was mistaken. The only other clue I have is that I can't use smbclient to list or connect to shares on the Linux box (But can with Kerberos auth), but I can for shares on Windows machines. Thanks Steven charles weber wrote: Is AD set for ntlmv2 only? On Oct 22, 2010, at 8:45 AM, Robert Freeman-Day wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/21/2010 09:36 PM, Gaiseric Vandal wrote: What kind of domain - samba PDC or Windows Active Directory ? Maybe the samba version is just too old. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Steven Moyse Sent: Thursday, October 21, 2010 8:52 PM To: samba@lists.samba.org Subject: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds I am having trouble setting up winbind authentication. I have successfully joined the domain winbind -t OK winbind -u OK winbind -g OK winbind -K 'DOMAIN\user%password' OK winbind -a 'DOMAIN\user%password' FAIL For winbind -a: Plaintext authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED challenge/response authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest. I have previously configured many SAMBA servers If you are joined to a Windows domain, you can update your RHEL to 5.5 and take advantage of Red Hat's Samba3x package. I wrote up a quickie migration doc to get there: https://wiki.uits.iu.edu/confluence-prd/pages/viewpage.action?pageId=116097702 It may be a good idea to migrate to it anyway to take advantages of newer features. - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzBh18ACgkQup357T5MfTYAgACfeuGaOaI51WMgD86dVNCgzq4b agkAoM2a2FT4qJSBC126yz1H/Zg/fCbP =pzMb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Steven Moyse Civica Pty Ltd 96 - 102 Lambton Rd. Broadmeadow NSW 2292 Phone: 02 4941 9493 (-9499 FAX) email: smo...@civica.com.au -- This email is from Civica Pty Limited and it, together with any attachments, is confidential to the intended recipient(s) and the contents may be legally privileged or contain proprietary and private information. It is intended solely for the person to whom it is addressed. If you are not an intended recipient, you may not review, copy or distribute this email. If received in error, please notify the sender and delete the message from your system immediately. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of Civica and do not create any legally binding rights or obligations whatsoever. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of Civica by email. Please note that neither Civica nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and the attachments (if any). All email received and sent by Civica may be monitored to protect the business interests of Civica. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
Is AD set for ntlmv2 only? On Oct 22, 2010, at 8:45 AM, Robert Freeman-Day wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/21/2010 09:36 PM, Gaiseric Vandal wrote: What kind of domain - samba PDC or Windows Active Directory ? Maybe the samba version is just too old. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Steven Moyse Sent: Thursday, October 21, 2010 8:52 PM To: samba@lists.samba.org Subject: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds I am having trouble setting up winbind authentication. I have successfully joined the domain winbind -t OK winbind -u OK winbind -g OK winbind -K 'DOMAIN\user%password' OK winbind -a 'DOMAIN\user%password' FAIL For winbind -a: Plaintext authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED challenge/response authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest. I have previously configured many SAMBA servers If you are joined to a Windows domain, you can update your RHEL to 5.5 and take advantage of Red Hat's Samba3x package. I wrote up a quickie migration doc to get there: https://wiki.uits.iu.edu/confluence-prd/pages/viewpage.action?pageId=116097702 It may be a good idea to migrate to it anyway to take advantages of newer features. - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzBh18ACgkQup357T5MfTYAgACfeuGaOaI51WMgD86dVNCgzq4b agkAoM2a2FT4qJSBC126yz1H/Zg/fCbP =pzMb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/21/2010 09:36 PM, Gaiseric Vandal wrote: What kind of domain - samba PDC or Windows Active Directory ? Maybe the samba version is just too old. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Steven Moyse Sent: Thursday, October 21, 2010 8:52 PM To: samba@lists.samba.org Subject: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds I am having trouble setting up winbind authentication. I have successfully joined the domain winbind -t OK winbind -u OK winbind -g OK winbind -K 'DOMAIN\user%password' OK winbind -a 'DOMAIN\user%password' FAIL For winbind -a: Plaintext authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED challenge/response authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest. I have previously configured many SAMBA servers If you are joined to a Windows domain, you can update your RHEL to 5.5 and take advantage of Red Hat's Samba3x package. I wrote up a quickie migration doc to get there: https://wiki.uits.iu.edu/confluence-prd/pages/viewpage.action?pageId=116097702 It may be a good idea to migrate to it anyway to take advantages of newer features. - -- Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzBh18ACgkQup357T5MfTYAgACfeuGaOaI51WMgD86dVNCgzq4b agkAoM2a2FT4qJSBC126yz1H/Zg/fCbP =pzMb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
I am having trouble setting up winbind authentication. I have successfully joined the domain winbind -t OK winbind -u OK winbind -g OK winbind -K 'DOMAIN\user%password' OK winbind -a 'DOMAIN\user%password' FAIL For winbind -a: Plaintext authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED challenge/response authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest. I have previously configured many SAMBA servers -- This email is from Civica Pty Limited and it, together with any attachments, is confidential to the intended recipient(s) and the contents may be legally privileged or contain proprietary and private information. It is intended solely for the person to whom it is addressed. If you are not an intended recipient, you may not review, copy or distribute this email. If received in error, please notify the sender and delete the message from your system immediately. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of Civica and do not create any legally binding rights or obligations whatsoever. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of Civica by email. Please note that neither Civica nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and the attachments (if any). All email received and sent by Civica may be monitored to protect the business interests of Civica. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds
What kind of domain - samba PDC or Windows Active Directory ? Maybe the samba version is just too old. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Steven Moyse Sent: Thursday, October 21, 2010 8:52 PM To: samba@lists.samba.org Subject: [Samba] Winbind user authentication (-a) fails, but kerberos authentication succeeds I am having trouble setting up winbind authentication. I have successfully joined the domain winbind -t OK winbind -u OK winbind -g OK winbind -K 'DOMAIN\user%password' OK winbind -a 'DOMAIN\user%password' FAIL For winbind -a: Plaintext authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED challenge/response authentication is attempted, and fails with NT_STATUS_ACCESS_DENIED Am using SAMBA 3.0.33 on Redhat 5.4 patched to latest. I have previously configured many SAMBA servers -- This email is from Civica Pty Limited and it, together with any attachments, is confidential to the intended recipient(s) and the contents may be legally privileged or contain proprietary and private information. It is intended solely for the person to whom it is addressed. If you are not an intended recipient, you may not review, copy or distribute this email. If received in error, please notify the sender and delete the message from your system immediately. Any views or opinions expressed in this email and any files transmitted with it are those of the author only and may not necessarily reflect the views of Civica and do not create any legally binding rights or obligations whatsoever. Unless otherwise pre-agreed by exchange of hard copy documents signed by duly authorised representatives, contracts may not be concluded on behalf of Civica by email. Please note that neither Civica nor the sender accepts any responsibility for any viruses and it is your responsibility to scan the email and the attachments (if any). All email received and sent by Civica may be monitored to protect the business interests of Civica. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
