samba - Sep 2014 - AD logins fail

I migrated my config to a new server, and now logins against the AD 
server are failing.

If I try the correct password, I get:

check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
with error NT_STATUS_NO_SUCH_USER

But if I try with a wrong password I get:

check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
with error NT_STATUS_WRONG_PASSWORD

Where do I look?

pam config:

password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 default=ignore]      pam_winbind.so 
use_authtok try_first_pass
password        requisite                       pam_deny.so
password        required                        pam_permit.so
password        optional                        pam_smbpass.so nullok 
use_authtok use_first_pass

nsswtich.conf:

passwd:     compat winbind
shadow:     compat
group:      compat winbind

smb.conf:

[global]
    workgroup = HPM
    netbios name = wiki
    server string = %h server (roadtrekwiki)
    log level = 2
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = ads
    realm = HPM.NET

      idmap config *:backend = tdb
      idmap config *:range = 70001-80000

    winbind enum users = yes
    winbind enum groups = yes

      domain master = no
      local master = no
      preferred master = no
      os level = 20
      map to guest = bad user
      map untrusted to domain = Yes

wbinfo stuff:

root at wiki:/etc/samba# wbinfo -D HPM
Name              : HPM
Alt_Name          : HPM.net
SID               : S-1-5-21-2459339012-1500590541-72990266
Active Directory  : Yes
Native            : Yes
Primary           : Yes
root at wiki:/etc/samba# wbinfo --own-domain
HPM
root at wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user yans
root at wiki:/etc/samba# wbinfo -u | grep yans
HPM\yans

What in the world am I doing wrong?

On 09/03/2014 03:23 PM, Yan Seiner wrote:
> I migrated my config to a new server, and now logins against the AD 
> server are failing.
>
> If I try the correct password, I get:
>
> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
> with error NT_STATUS_NO_SUCH_USER
>
> But if I try with a wrong password I get:
>
> check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED 
> with error NT_STATUS_WRONG_PASSWORD
>
> Where do I look?
>
> pam config:
>
> password        [success=2 default=ignore]      pam_unix.so obscure 
> sha512
> password        [success=1 default=ignore]      pam_winbind.so 
> use_authtok try_first_pass
> password        requisite                       pam_deny.so
> password        required                        pam_permit.so
> password        optional                        pam_smbpass.so nullok 
> use_authtok use_first_pass
>
> nsswtich.conf:
>
> passwd:     compat winbind
> shadow:     compat
> group:      compat winbind
>
> smb.conf:
>
> [global]
>    workgroup = HPM
>    netbios name = wiki
>    server string = %h server (roadtrekwiki)
>    log level = 2
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = ads
>    realm = HPM.NET
>
>      idmap config *:backend = tdb
>      idmap config *:range = 70001-80000
>
>    winbind enum users = yes
>    winbind enum groups = yes
>
>      domain master = no
>      local master = no
>      preferred master = no
>      os level = 20
>      map to guest = bad user
>      map untrusted to domain = Yes
>
> wbinfo stuff:
>
> root at wiki:/etc/samba# wbinfo -D HPM
> Name              : HPM
> Alt_Name          : HPM.net
> SID               : S-1-5-21-2459339012-1500590541-72990266
> Active Directory  : Yes
> Native            : Yes
> Primary           : Yes
> root at wiki:/etc/samba# wbinfo --own-domain
> HPM
> root at wiki:/etc/samba# wbinfo --domain HPM -i 'yans'
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user yans
> root at wiki:/etc/samba# wbinfo -u | grep yans
> HPM\yans
>
> What in the world am I doing wrong?
I just tried this:

root at wiki:/etc/samba# wbinfo -a yans%xxxx
plaintext password authentication failed
Could not authenticate user yans%xxxx with plaintext password
challenge/response password authentication succeeded
root at wiki:/etc/samba#

Now I'm really confused.  :(