On (25/07/17 09:56), Marc-Henri Pamiseux wrote: >Hi sssd user's, > >I contacted yesterday the Samba discussion list about a malfunction with >this software. I was asked to put my question to the sssd list, which I >do :) >You will find below the email sent to the Samba list: > >************************************************************************** >I've update a domain member smb server to samba 4.6.5. >I don't want to use winbind for this upgrade so i'm trying with sssd. >After a long informative reading on this subject, i've finaly success to >connect using the hostname. > >The domain member is well join to AD-DC : ># net ads testjoin >Join is OK > >Another test : ># adcli info -D local.mydomain >[domain] >domain-name = local.mydomain >domain-short = MYDOMAIN >domain-forest = local.mydomain >domain-controller = hera.local.mydomain >domain-controller-site = Laval >domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable >good-timeserv full-secret >domain-controller-usable = yes >domain-controllers = hera.local.mydomain >[computer] >computer-site = Laval > >From the Domain member server (RHEA), i can view the main sharing using >my account but not when using the administrator account. By the way, i >belive i made some limitation on this account because nobody have to use >this one > ># smbclient -L //RHEA -U myident >Enter MYDOMAIN\myident's password: > > Sharename Type Comment > --------- ---- ------- > IPC$ IPC IPC Service (Samba 4.6.5-Debian) > projets Disk Gestion des projets > public Disk Public Stuff > myident Disk Repertoire Personnel >Domain=[MYDOMAIN] OS=[] Server=[] > > Server Comment > --------- ------- > RHEA Samba 4.6.5-Debian > > Workgroup Master > --------- ------- > MYDOMAIN RHEA > >From the AD-DC server (HERA), i can see the same thing using my account. >Stil on the AD-DC, i've try another method : > ># smbclient -L //192.168.1.2 -U myident >Enter MYDOMAIN\myident's password: >Domain=[MYDOMAIN] OS=[] Server=[] > > Sharename Type Comment > --------- ---- ------- > IPC$ IPC IPC Service (Samba 4.6.5-Debian) > projets Disk Gestion des projets > public Disk Public Stuff > myident Disk Repertoire Personnel >Domain=[MYDOMAIN] OS=[] Server=[] > > Server Comment > --------- ------- > RHEA Samba 4.6.5-Debian > > Workgroup Master > --------- ------- > MYDOMAIN RHEA > >Well... >Everything seems to work. >Now i want to test an access from a windows client. I have open the >session on the domain using my account. Now i open windows explorer and >i type //RHEA in the address bar. I can see the share that i can use. >So, why do i post on this mailing list ? > >Because when I use address //192.168.1.2, the operating system asks me >to identify myself. But i'have already done this when i've open this >session. I am surprised because it is usually the opposite error that >occurs. Let's go to the log on RHEA Host (192.168.1.2) : > >[2017/07/25 02:46:15.286177, 0] >../source3/auth/auth_domain.c:226(domain_client_validate) > domain_client_validate: unable to validate password for user myident >in domain MYDOMAIN to Domain controller HERA.LOCAL.MYDOMAIN. Error was >NT_STATUS_WRONG_PASSWORD. >[2017/07/25 02:46:15.288928, 2] >../source3/auth/auth.c:315(auth_check_ntlm_password) > check_ntlm_password: Authentication for user [myident] -> [myident] >FAILED with error NT_STATUS_WRONG_PASSWORD >[2017/07/25 02:46:15.296364, 2] >../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg) > SPNEGO login failed: NT_STATUS_WRONG_PASSWORD > >Ok, but this error occurred even before I specified an identifier. >I removed the Windows-based workstation from the domain and then, i join >it again. In this regard, i have noticed that a computer can not join a >Windows Active Directory domain if the Netbios over TCP / IP option is >not enabled. Too bad ! > >RSAT is installed on this computer and i still can login and maintain >Active Directory and DNS zone from this computer. But now, i cannot see >RHEA share anymore. I've got the same error even if i use IP or hostname. > >sssd seems to work fine because the command getent passwd give me a result : > ># getent passwd myident >myident:*:1072:513:Marc-Henri Pamiseux:/home/MYDOMAIN/myident:/bin/bash > >Does someone can help me to investigate ?
I would recommend following page for troubleshooting SSSD https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html And maybe you can directly jump to authentication section https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html#troubleshooting-authentication-password-change-and-access-control LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
