+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 52
*nix Thread, Samba/Winbind wbinfo -a won't authenticate normal users? in Technical; Thanks for helping Geoff! Ok, klist gives me this: root@james:/etc# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: <username I'm testing>@<LONG DOMAIN ...
  1. #16

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Thanks for helping Geoff!

    Ok, klist gives me this:

    root@james:/etc# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: <username I'm testing>@<LONG DOMAIN NAME>.SCH.UK

    Valid starting Expires Service principal
    05/02/12 13:29:21 05/02/12 23:29:22 krbtgt/<LONG_DOMAIN_NAME>.SCH.UK@<LONG_DOMAIN_NAME>.SCH.U K
    renew until 05/03/12 13:29:21
    root@james:/etc#

    The server's called "james" as you might guess and 'username I'm testing' and 'long domain name' are substituted.

    Is that what you'd think I should be seeing?

  2. #17

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Yes that means that at least the kerberos is working ok. Try doing a 'wbinfo -a --verbose'

  3. #18


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by dhicks View Post
    Windows Server 2008 R2 has, by default, some security setting or other that makes it not authenticate Samba devices. Sorry, I can't recall the exact thing, but a quick Google for "server 2008 samba" or similar should bring it up.
    I think its related to older versions of samba. Samba >= 3.6 is ok.
    just had a look on a ubuntu workstation (my server is RedHat though)

    do
    Code:
     dpkg -l samba
    to check

    just noticed that samba4 is included in 12.04

  4. #19

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Quote Originally Posted by Geoff View Post
    Yes that means that at least the kerberos is working ok. Try doing a 'wbinfo -a --verbose'
    Ahh, ok then judging by this it's not working after all:


    root@james:/etc#
    wbinfo -a jlamb --verbose
    Enter jlamb's password:
    plaintext password authentication failed
    Could not authenticate user jlamb with plaintext password
    Enter jlamb's password:
    challenge/response password authentication failed
    error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
    error messsage was: No such user
    Could not authenticate user jlamb with challenge/response
    root@james:/etc#

  5. #20


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    have you got this line in smb.conf ?


    winbind use default domain = yes

  6. #21

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Quote Originally Posted by CyberNerd View Post
    have you got this line in smb.conf ?


    winbind use default domain = yes
    I do, yeah.

  7. #22

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,624
    Thank Post
    1,240
    Thanked 778 Times in 675 Posts
    Rep Power
    235
    Quote Originally Posted by Miscbrah View Post
    Thanks David! I'm not getting anything useful from Google though.
    Try:

    Allow Windows Vista, Server 2008 systems to interact with older Samba installations | TechRepublic

    From the article: "Windows Vista and Server 2008 have a default version requirement of MS-LAN Manager communication that prohibits communication to older Linux-based Samba installations. This can be fixed via group policy or the local security policy."

  8. Thanks to dhicks from:

    Miscbrah (2nd May 2012)

  9. #23

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Cheers David! Google-Fu has been weak today...

    I'll apply that and see if it sorts anything.

  10. #24

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Quote Originally Posted by Miscbrah View Post
    Ahh, ok then judging by this it's not working after all:


    root@james:/etc#
    wbinfo -a jlamb --verbose
    Enter jlamb's password:
    plaintext password authentication failed
    Could not authenticate user jlamb with plaintext password
    Enter jlamb's password:
    challenge/response password authentication failed
    error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
    error messsage was: No such user
    Could not authenticate user jlamb with challenge/response
    root@james:/etc#
    does:

    Code:
    wbinfo -a jlamb@DNS.DOMAIN.NAME --verbose
    work? replace DNS.DOMAIN.NAME with your actual dns domain ofc.

  11. #25

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Cheers again again - no that doesn't work, gives me:

    root@james:/home/eng# wbinfo -a jlamb@<DOMAIN_NAME>.SCH.UK --verbose
    Enter jlamb@<DOMAIN_NAME>.SCH.UK's password:
    plaintext password authentication failed
    Could not authenticate user jlamb@<DOMAIN_NAME>.SCH.UK with plaintext password
    Enter jlamb@<DOMAIN_NAME>.SCH.UK's password:
    challenge/response password authentication failed
    error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
    error messsage was: No such user
    Could not authenticate user jlamb@<DOMAIN_NAME>.SCH.UK with challenge/response
    It seems like you have a game plan though, which encourages me!

  12. #26

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Try with the Administrator account.

  13. #27

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Gah, same thing with the administrator account and another admin account :/

  14. #28


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Sorry for the dumb question, but did you actually join the server to the domain?

  15. #29

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    891
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    Heh, no it's NOT a dumb question and I'm grateful for all the angles of approach anyone's got.

    I did join it to the domain yes. It shows up in AD too and pings ok.

  16. #30

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    what are the output of:

    Code:
    net ads testjoin
    and

    Code:
    wbinfo -t

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. acls winbind samba and unix groups
    By CyberNerd in forum *nix
    Replies: 5
    Last Post: 28th January 2010, 09:40 PM
  2. Replies: 70
    Last Post: 13th November 2009, 01:51 PM
  3. Apache with Winbind Authentication
    By Ric_ in forum *nix
    Replies: 36
    Last Post: 22nd March 2008, 06:56 PM
  4. Replies: 5
    Last Post: 21st February 2007, 04:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •