Mike Leone on 29 Apr 2010 17:44:20 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] wbinfo -a fails plaintext auth; passes challenge/response


Any clues?

I also can't mount shares, I'm guessing it's all related:

$ sudo mount -t smbfs -o username=turgon,password=*******
//workhorse/OldHome /mnt
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The "turgon" account is a Domain Admin, not to mention owner of the
share I am trying to mount.

> Once again, I am trying to add a machine to my Win2003 AD (that has
> Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0.
> I set up Kerberos, and am getting a ticket. I have successfully joined
> the domain.
> 
> # net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- DACRIB
> Joined 'DUAL-BOOTER' to realm 'DaCrib.local'
> 
> wbinfo -u does return all users, both local and AD.
> wbinfo -g returns all groups, both local and AD.
> wbinfo -t succeeds.
> 
> However,  I am failing plaintext authentication, with wbinfo -a:
> 
>  wbinfo -a turgon
> Enter turgon's password:
> plaintext password authentication failed
> Could not authenticate user turgon with plaintext password
> Enter turgon's password:
> challenge/response password authentication succeeded
> 
> Google seems to be non-helpful, with this failure message from samba.
> 
> Can anyone shed any light on my problem? Eventually, I want to configure
> this machine so that I can log into the machine using only AD accounts
> (no local logins), but I didn't want to proceed, until I had this
> problem solved.

testparm:

 [global]
	workgroup = DACRIB
	realm = DACRIB.LOCAL
	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
	security = ADS
	map to guest = Bad User
	password server = dim-win2300.DaCrib.local
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	log level = 1
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
	os level = 2
	local master = No
	domain master = No
	dns proxy = No
	eventlog list = Application, System, Security, SyslogLinux
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/bash
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind nss info = rfc2307
	winbind refresh tickets = Yes
	idmap config DACRIB:schema_mode = rfc2307
	idmap config DACRIB: default = true
	invalid users = root
	read only = No
	create mask = 0700
	directory mask = 0775


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug