+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 52
*nix Thread, Samba/Winbind wbinfo -a won't authenticate normal users? in Technical; Hi - got a bit of a pickle going on with *sigh* my Samba server. It's very new, as am ...
  1. #1

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124

    Samba/Winbind wbinfo -a won't authenticate normal users?

    Hi - got a bit of a pickle going on with *sigh* my Samba server.

    It's very new, as am I to Linux, and currently have winbind and samba set up. Looking to create a share for profiles to be stored on for a 2008r2 domain.

    Falling at this hurdle I've come to, which is that upon testing winbind with wbinfo -a I can authenticate admin accounts and the administrator accounts fine, but 'normal' users (staff and students) return:

    challenge/response password authentication failed
    error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
    error messsage was: No such user

    ...And I've just got no bloody idea why

    wbinfo -u shows users as it should, wbinfo -g shows groups as it should.

    Not got around to testing out any shares yet, but I don't know I'll be able to set them up right without this wokring.

    Anyone got any ideas? Anyone else hate Linux too? (joking... )

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    what does 'kinit username' do?

  3. #3

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Hi! Thanks so much for the reply!

    I got:

    # kinit username
    kinit: Configuration file does not specify default realm when parsing name username

  4. #4


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    check you krb5.conf against another I posted here:

    Samba Homedirectory - Wiki

  5. Thanks to CyberNerd from:

    Miscbrah (2nd May 2012)

  6. #5

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Hi - have made my krb5.conf look like the one in the example but still no joy. Returns

    root@<servername>:/etc# kinit username
    kinit: Cannot resolve network address for KDC in realm "<MY_SHORT_DOMAIN_NAME>.LOCAL" while getting initial credentials

    ...But I'm about to ask a daft question. Local domain (as in, NOT the one that ends in ...sch.uk) should be set as "<whatever my pre-Windows 2000 domain name is>.LOCAL" without those ""... IS that right?

    That's actually something I've never really understood - how DO you know what your local domain name actually is?

    Cheers for the patient help and for stopping me putting my fist through the krb5.conf screen.

  7. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    Quote Originally Posted by Miscbrah View Post
    Hi - have made my krb5.conf look like the one in the example but still no joy. Returns

    root@<servername>:/etc# kinit username
    kinit: Cannot resolve network address for KDC in realm "<MY_SHORT_DOMAIN_NAME>.LOCAL" while getting initial credentials
    Is your time in sync with the domain controller?
    Code:
     ntpdate  <domaincontroller>
    Quote Originally Posted by Miscbrah View Post
    ...But I'm about to ask a daft question. Local domain (as in, NOT the one that ends in ...sch.uk) should be set as "<whatever my pre-Windows 2000 domain name is>.LOCAL" without those ""... IS that right?
    not really sure what your asking. The netbios name is the pre-windows 2000 workgroup style name. Myworkgroup is "CURRIC" (the old netbios name) whereas my realm is COLLEGE.INTERNAL.

    I'll pm some recent configs.

  8. #7

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Thanks Cybernerd you're awesome.

    It's the realm name I don't know, not sure where I find out what it is... :/

    EDIT - ok so I'm thinking that my domain name being WHATEVER.LA.SCH.UK then my realm name should be WHATEVER.LOCAL

    Sound like I'm barking up the right tree there?
    Last edited by Miscbrah; 2nd May 2012 at 10:29 AM.

  9. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    Quote Originally Posted by Miscbrah View Post
    Thanks Cybernerd you're awesome.

    It's the realm name I don't know, not sure where I find out what it is... :/

    EDIT - ok so I'm thinking that my domain name being WHATEVER.LA.SCH.UK then my realm name should be WHATEVER.LOCAL

    Sound like I'm barking up the right tree there?
    The realm is the top level of the active directory tree. log into active directory and run dcdiag on the command line - it wlll tell you in there somewhere (probably a better way)

  10. #9

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    OH MY GAWD it's doing something positive...

    At least that kinit <username> part!

    If it's WORKING the prompt resets after you tyoe the password in right? I'm assuming so, because if I type it in wrong to test it tells me authentication failed...

    ...HOWEVER...

    wbinfo -a still gives me this old pants:

    root@james:/etc# wbinfo -a <user I'm testing>
    Enter <user I'm testing>'s password:
    plaintext password authentication failed
    Could not authenticate user <user I'm testing> with plaintext password
    Enter <user I'm testing>'s password:
    challenge/response password authentication failed
    error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
    error messsage was: No such user
    Could not authenticate user <user I'm testing> with challenge/response
    root@james:/etc#

    ...Is this giving anyone any obvious hints? :/

    I'm so lost, cheers for reading whoever's reading.

  11. #10

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,772
    Thank Post
    1,308
    Thanked 804 Times in 698 Posts
    Rep Power
    246
    Quote Originally Posted by Miscbrah View Post
    ...Is this giving anyone any obvious hints? :/
    Windows Server 2008 R2 has, by default, some security setting or other that makes it not authenticate Samba devices. Sorry, I can't recall the exact thing, but a quick Google for "server 2008 samba" or similar should bring it up.

  12. Thanks to dhicks from:

    Miscbrah (2nd May 2012)

  13. #11

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Quote Originally Posted by dhicks View Post
    Windows Server 2008 R2 has, by default, some security setting or other that makes it not authenticate Samba devices. Sorry, I can't recall the exact thing, but a quick Google for "server 2008 samba" or similar should bring it up.
    Thanks David! I'm not getting anything useful from Google though. :/

    Any other ideas from anywhere? Can't think how anyone would get using this it's horrible!

  14. #12

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Ok, might be getting nearer might not.

    Up-to-date symptoms are:

    - getent passwd and getent groups doesn't return anything related to the domain.

    - kinit <username> DOES somehow seem to work, as in when the password's typed in it doesn't say anything and just move to a new command prompt, where deliberately typing the WRONG password tells me it's not working.

    - have a folder created and listed in smb.conf but not made much progress adding groups and usernames as I've both no idea how, and no idea if they're even working anyqay.

    Can anyone PLEASE help me? I'm really really lost and this is driving me up the wall...

  15. #13

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    did you alter nsswitch.conf to use winbind lookups?

  16. #14

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    1,021
    Thank Post
    291
    Thanked 298 Times in 180 Posts
    Rep Power
    124
    Hey Geoff, thanks for reading all that. nsswitch.conf looks like:

    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd: compat winbind
    group: compat winbind
    shadow: compat

    #hosts: files dns
    #networks: files

    #protocols: db files
    #services: db files
    #ethers: db files
    #rpc: db files

    #netgroup: nis
    Is that as it should be?

  17. #15

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    yes, that looks right. Although I don't think those other lines should be commented out, they aren't related to the issue at hand.

    After you do a kinit, do a klist and post the result.

  18. Thanks to Geoff from:

    Miscbrah (2nd May 2012)



SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. acls winbind samba and unix groups
    By CyberNerd in forum *nix
    Replies: 5
    Last Post: 28th January 2010, 10:40 PM
  2. Replies: 70
    Last Post: 13th November 2009, 02:51 PM
  3. Apache with Winbind Authentication
    By Ric_ in forum *nix
    Replies: 36
    Last Post: 22nd March 2008, 07:56 PM
  4. Replies: 5
    Last Post: 21st February 2007, 05:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •