I'm running version 2.0 beta. During the initial installation, I configured Samba to authenticate with an NT server. It worked as expected. Now, I want to reconfigure Samba with security = user. I've set encryption = no (and insured that the NT client is sending plain text passwords), and I've removed the references in the smb.conf file to PASSWORD SERVER =. As I expected, the NT workstation client produced a dialog box prompting for the username and password. However, when the ENTER key is pressed, the NT workstation comes back with another dialog box, re-prompting for the name/password. In the log."user" file, I get the following: [1999/01/08 11:59:58, 3] smbd/process.c:switch_message(402) switch message SMBsesssetupX (pid 2709) [1999/01/08 11:59:58, 3] smbd/reply.c:reply_sesssetup_and_X(675) Domain=[MSCC] NativeOS=[Windows NT 1381] NativeLanMan=[] [1999/01/08 11:59:58, 3] smbd/reply.c:reply_sesssetup_and_X(679) sesssetupX:name=[wagner] [1999/01/08 11:59:58, 4] passdb/pass_check.c:pass_check(791) Checking password for user wagner (l=5) [1999/01/08 11:59:58, 3] smbd/error.c:error_packet(138) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/01/08 11:59:58, 3] smbd/error.c:error_packet(143) error string = No such file or directory What is going on???? There was also a reference to "No entry for user wagner in protected database!" What file(s) is Samba trying to read (and can't)???? When I ran smbpasswd -j DOM -r DOMPDC, did that do something that now needs to be undone? -------------- next part -------------- HTML attachment scrubbed and removed
OK, this is becoming frustrating...
I had samba 2.2.3a working on Solaris 8. I could get to the share fine via
my NY login/password (format {domain}\password} I was trying to get
Netatalk to authenticate via Winbindd. I re-compiled Samba (new ./config
--with-pam --with-pam-smbpass --with-winbind and added --with-acl-support.
wbinfo -u and wbinfo -g work fine
Now, I can no longer map the drive. My smb.conf is still the same. I
removed and re-added to the domain, but no success.
log.smbd is as follows:
kwsn99# more /opt/local/samba/var/log.smbd
[2002/02/13 13:12:53, 0] smbd/server.c:main(698)
smbd version 2.2.3a started.
Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/02/13 13:22:40, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2002/02/13 13:22:40, 0] smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user JHelt in
domain H
GTV-CINETEL to Domain controller snkxs007. Error was
NT_STATUS_WRONG_PASSWORD.
[2002/02/13 13:22:51, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2002/02/13 13:22:51, 0] smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user jhelt in
domain h
gtv-cinetel to Domain controller snkxs007. Error was
NT_STATUS_WRONG_PASSWORD.
[2002/02/13 13:22:51, 0] passdb/pampass.c:smb_pam_passcheck(827)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User
hgtv-cinetel\jhel
t !
[2002/02/13 13:24:46, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2002/02/13 13:24:46, 0] smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user administrator
in
domain hgtv-cinetel to Domain controller snkxs007. Error was
NT_STATUS_WRONG_PAS
SWORD.
[2002/02/13 13:24:46, 0] passdb/pampass.c:smb_pam_passcheck(827)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User
hgtv-cinetel\admi
nistrator !
kwsn99#
Any suggestions??
John Helt
Systems Administrator
Scripps Networks
865-560-4133
The wbinfo success shows that winbind is mostly operative. The only other test I do on winbind is "getent passwd", to make sure the libnss interface is feeding NSS with the right passwd entries. If the output from that command contains Windows users, then winbind is operating properly for NSS. The next thing I'd look at after that is the PAM stack. Maybe the checking isn't getting as far as netatalk, or winbind? Since I don't use PAM, I can't help with that. I had PAM working with an earlier version of Samba, so I know it can be done, but I haven't used it in months. -----Original Message----- From: Gerald Carter [mailto:jerry@samba.org] Sent: Wednesday, February 13, 2002 1:42 PM To: Helt, John Cc: 'samba@lists.samba.org'; aesh@tricord.com Subject: Re: [Samba] Authentication failing On Wed, 13 Feb 2002, Helt, John wrote:> OK, this is becoming frustrating... > > I had samba 2.2.3a working on Solaris 8. I could get to the share finevia> my NY login/password (format {domain}\password} I was trying to get > Netatalk to authenticate via Winbindd. I re-compiled Samba (new ./config > --with-pam --with-pam-smbpass --with-winbind and added --with-acl-support. > > wbinfo -u and wbinfo -g work fine > > Now, I can no longer map the drive. My smb.conf is still the same. I > removed and re-added to the domain, but no success. > > log.smbd is as follows: > > kwsn99# more /opt/local/samba/var/log.smbd > [2002/02/13 13:12:53, 0] smbd/server.c:main(698) > smbd version 2.2.3a started. > Copyright Andrew Tridgell and the Samba Team 1992-2002 > [2002/02/13 13:22:40, 0] > rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40 > 6) > cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORDThis may be an unconfirmed bug in Samba 2.2.3a. My suggestion is to try with 2.2.2 until we can resolve (or discount) any 2.2.3a bugs. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -------------- next part -------------- HTML attachment scrubbed and removed