Eric Boehm
2002-May-29  10:54 UTC
[Samba] Samba 2.2.5-pre and --with-winbind is not handling passwords properly
I am seeing some rather strange behavior with SAMBA_2_2 (update from
CVS, 05/29 12:30 EDT)
If I build with
./configure  --with-automount --with-pam --with-libsmbclient --with-acl-support
then 
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm
Password: <password>
or
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password
works fine.
If I build with
./configure  --with-automount --with-pam --with-libsmbclient \
   --with-acl-support --with-winbind
then 
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password
or 
export USER=boehm%password
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase
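work; in both cases the password is supplied inline with the user name rather than typed at the Password: prompt.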
However,
/usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm
Password: <password>
fails with
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a
Tree Connect or Session Setup are invalid.)
The log file says
[2002/05/29 13:36:28, 0, pid=8803] rpc_client/cli_netlogon.c:(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2002/05/29 13:36:28, 0, pid=8803] smbd/password.c:(1605)
  domain_client_validate: unable to validate password for user BOEHM in domain
AMERICASE to Domain controller PCNTRTP01. Error was NT_STATUS_WRONG_PASSWORD.
I know I am not mistyping the password because I am using the mouse to
paste it in.
  
I have level 10 logs of -U user%password vs -U user when compiled with
--with-winbind, but they are 6000+ lines of text. I can upload them if desired.
My smb.conf looks like
smb.conf:
# Global parameters 
	client code page = 437 
	# Samba requests 10000 but Solaris has only 1014 to spare 
	#max open files = 1014 
	comment = "Samba %v server" 
	share modes = yes
	getwd cache = yes
	browseable = yes
	load printers = no
	local master = no
	log file = /usr/local/samba/var/log.%m
	username map = /usr/local/samba/lib/username.map
	debug pid = yes
	dead time = 30
	debug level = 1
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
	include = /usr/local/samba/lib/smb.conf.global.%h
	include = /usr/local/samba/lib/smb.conf.shares.%h
smb.conf.global.wnc0s00u:
	# if security = domain, then password server = * and workgroup is the
	# resource domain that holds the machine account
	workgroup = PCNTRTP
	security  = domain 
	password server = PCNTRTP01, ZRTPD0P0, PCNTRTP02
	# password server = *
	# if security = server, then password server = PDC, BDC ...
	# where PDC and BDC are primary and backup domain controllers of
	# the user account resource domain
	# workgroup = americase
	# security  = server
	# password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02
	wins server = 47.156.160.179
	encrypt passwords = yes 
	server string = "Test Samba server %h (%L), Samba"
	interfaces = "47.142.164.249/22"
	#shared mem size = 4194304
        #netbios aliases = <alias1> <alias2>
	#winbind separator = +
	#winbind uid = 80000-90000
	#winbind gid = 80000-90000
        #winbind enum users = yes
        #winbind enum groups = yes
        #template homedir = /home/%U
        #template shell = /usr/bin/ksh
-- 
Eric M. Boehm                  /"\  ASCII Ribbon Campaign
boehm@nortelnetworks.com       \ /  No HTML or RTF in mail
                                X   No proprietary word-processing
Respect Open Standards         / \  files in mail