Mike Leone
2010-Apr-29 03:59 UTC
[Samba] wbinfo -a fails plaintext auth; passes challenge/response
Once again, I am trying to add a machine to my Win2003 AD (that has Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0. I set up Kerberos, and am getting a ticket. I have successfully joined the domain. # net ads join -U administrator Enter administrator's password: Using short domain name -- DACRIB Joined 'DUAL-BOOTER' to realm 'DaCrib.local' wbinfo -u does return all users, both local and AD. wbinfo -g returns all groups, both local and AD. wbinfo -t succeeds. However, I am failing plaintext authentication, with wbinfo -a: wbinfo -a turgon Enter turgon's password: plaintext password authentication failed Could not authenticate user turgon with plaintext password Enter turgon's password: challenge/response password authentication succeeded Google seems to be non-helpful, with this failure message from samba. Can anyone shed any light on my problem? Eventually, I want to configure this machine so that I can log into the machine using only AD accounts (no local logins), but I didn't want to proceed, until I had this problem solved. Thanks
Mike Leone
2010-Apr-30 00:44 UTC
[Samba] wbinfo -a fails plaintext auth; passes challenge/response
Any clues? I also can't mount shares, I'm guessing it's all related: $ sudo mount -t smbfs -o username=turgon,password=******* //workhorse/OldHome /mnt mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) The "turgon" account is a Domain Admin, not to mention owner of the share I am trying to mount.> Once again, I am trying to add a machine to my Win2003 AD (that has > Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0. > I set up Kerberos, and am getting a ticket. I have successfully joined > the domain. > > # net ads join -U administrator > Enter administrator's password: > Using short domain name -- DACRIB > Joined 'DUAL-BOOTER' to realm 'DaCrib.local' > > wbinfo -u does return all users, both local and AD. > wbinfo -g returns all groups, both local and AD. > wbinfo -t succeeds. > > However, I am failing plaintext authentication, with wbinfo -a: > > wbinfo -a turgon > Enter turgon's password: > plaintext password authentication failed > Could not authenticate user turgon with plaintext password > Enter turgon's password: > challenge/response password authentication succeeded > > Google seems to be non-helpful, with this failure message from samba. > > Can anyone shed any light on my problem? Eventually, I want to configure > this machine so that I can log into the machine using only AD accounts > (no local logins), but I didn't want to proceed, until I had this > problem solved.testparm: [global] workgroup = DACRIB realm = DACRIB.LOCAL server string = %h server (Samba %v, Domain: %D, Server: %L - %R) security = ADS map to guest = Bad User password server = dim-win2300.DaCrib.local pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 2 local master = No domain master = No dns proxy = No eventlog list = Application, System, Security, SyslogLinux usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind nss info = rfc2307 winbind refresh tickets = Yes idmap config DACRIB:schema_mode = rfc2307 idmap config DACRIB: default = true invalid users = root read only = No create mask = 0700 directory mask = 0775