2.2.6 installed from rpm on rh 7.2 system... I'm trying to use pam_winbind and apache's basic authentication to restrict access to certain directories served by apache. It does work, but when I enter a wrong password I get this error in log.winbindd: Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD Is there a way that pam_winbind.so can encrypt the passwords rather than send them plaintext? Thanks, ~ Daniel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 17 Oct 2002 daniel.jarboe@custserv.com wrote:> 2.2.6 installed from rpm on rh 7.2 system... > I'm trying to use pam_winbind and apache's basic authentication to > restrict access to certain directories served by apache. > > It does work, but when I enter a wrong password I get this error in > log.winbindd: > Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD > > Is there a way that pam_winbind.so can encrypt the passwords rather than > send them plaintext?pam_winbind.so does not authenticate users using plain text passwords. The messages you see (assuming you get this from 'wbinfo -a') has to do with wbinfo sending winbindd the clear text. Winbindd uses NTLMv1 for authentication. Look at a packet trace for further convincing. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 "SAMS Teach Yourself Samba in 24 Hours" 2ed "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9rz6KIR7qMdg1EfYRAgVEAKCIEua2twmZWGS+3jB1YN/2zFN2FgCg8nD+ iL15Hve/LuG7gmsgJi68pV4=iOhE -----END PGP SIGNATURE-----
daniel.jarboe@custserv.com wrote:> > 2.2.6 installed from rpm on rh 7.2 system... > I'm trying to use pam_winbind and apache's basic authentication to > restrict access to certain directories served by apache. > > It does work, but when I enter a wrong password I get this error in > log.winbindd: > Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD > > Is there a way that pam_winbind.so can encrypt the passwords rather than > send them plaintext?All communications with the DC are encrypted - this message refers to the fact that your typed a plaintext password, rather than supplying an NTLM challange-response pair. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
Makes perfect sense. I should have looked at a trace, thanks guys! ~ Daniel abartlet@samba.org wrote:>daniel.jarboe@custserv.com wrote: > >>It does work, but when I enter a wrong password I get this error in >>log.winbindd: >>Plain-text authentication for user jarboed returned NT_STATUS_WRONG_PASSWORD >> >>Is there a way that pam_winbind.so can encrypt the passwords rather than >>send them plaintext? >> > >All communications with the DC are encrypted - this message refers to >the fact that your typed a plaintext password, rather than supplying an >NTLM challange-response pair. > >Andrew Bartlett >-------------- next part -------------- HTML attachment scrubbed and removed
Apparently Analagous Threads
- 3.0.6 and pam_winbind problems (sernet)?
- can't pause a samba shared printer from w2k pc
- weird loop selecting print driver from w2k client w/ samba 2.2.5 w/ patches
- Usernames with dots
- SLES9 Module '/usr/lib/samba/vfs/audit.so' loaded, Can't find a vfs module [/usr/lib/samba/vfs/audit.so]