Randall A Sindlinger on 30 Apr 2010 09:00:16 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] wbinfo -a fails plaintext auth; passes challenge/response


Honestly, I'd be thrilled if it's working correctly.  Failing plaintext
logins could be a sign of plaintext being disabled.  I don't know 
wbinfo at all, but imap and pop will accept a connection, but then
give some misleading error if they're only accepting STARTTLS and
you give them plaintext credentials, for example.

Just a shot in the dark since the collective is silent on this :-)

-Randall


On Thu, Apr 29, 2010 at 08:44:10PM -0400, Mike Leone wrote:
> Any clues?
> 
> I also can't mount shares, I'm guessing it's all related:
> 
> $ sudo mount -t smbfs -o username=turgon,password=*******
> //workhorse/OldHome /mnt
> mount error(13): Permission denied
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> 
> The "turgon" account is a Domain Admin, not to mention owner of the
> share I am trying to mount.
> 
> > Once again, I am trying to add a machine to my Win2003 AD (that has
> > Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0.
> > I set up Kerberos, and am getting a ticket. I have successfully joined
> > the domain.
> > 
> > # net ads join -U administrator
> > Enter administrator's password:
> > Using short domain name -- DACRIB
> > Joined 'DUAL-BOOTER' to realm 'DaCrib.local'
> > 
> > wbinfo -u does return all users, both local and AD.
> > wbinfo -g returns all groups, both local and AD.
> > wbinfo -t succeeds.
> > 
> > However,  I am failing plaintext authentication, with wbinfo -a:
> > 
> >  wbinfo -a turgon
> > Enter turgon's password:
> > plaintext password authentication failed
> > Could not authenticate user turgon with plaintext password
> > Enter turgon's password:
> > challenge/response password authentication succeeded
> > 
> > Google seems to be non-helpful, with this failure message from samba.
> > 
> > Can anyone shed any light on my problem? Eventually, I want to configure
> > this machine so that I can log into the machine using only AD accounts
> > (no local logins), but I didn't want to proceed, until I had this
> > problem solved.
> 
> testparm:
> 
>  [global]
> 	workgroup = DACRIB
> 	realm = DACRIB.LOCAL
> 	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
> 	security = ADS
> 	map to guest = Bad User
> 	password server = dim-win2300.DaCrib.local
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> 	unix password sync = Yes
> 	log level = 1
> 	syslog = 0
> 	log file = /var/log/samba/log.%m
> 	max log size = 1000
> 	socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
> 	os level = 2
> 	local master = No
> 	domain master = No
> 	dns proxy = No
> 	eventlog list = Application, System, Security, SyslogLinux
> 	usershare allow guests = Yes
> 	panic action = /usr/share/samba/panic-action %d
> 	idmap uid = 10000-20000
> 	idmap gid = 10000-20000
> 	template shell = /bin/bash
> 	winbind separator = +
> 	winbind enum users = Yes
> 	winbind enum groups = Yes
> 	winbind nss info = rfc2307
> 	winbind refresh tickets = Yes
> 	idmap config DACRIB:schema_mode = rfc2307
> 	idmap config DACRIB: default = true
> 	invalid users = root
> 	read only = No
> 	create mask = 0700
> 	directory mask = 0775
> 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug