samba - Jul 2005 - NTLMv2 - wrong password with samba?

I have samba 3.0.14-5 installed (installed via Fedora Core 4's Yum)
I have enabled "client NTLMv2 auth = yes" in smb.conf
When I run "ntlm_auth --username=user --domain=MYDOM" it connects fine
(change user and MYDOM to be my user and my domain)
When I run "ntlm_auth --username=user --domain=MYDOM --diagnostics" it
fails on all tests with "wrong password" which is incorrect, I know
its the right password, I was very careful with it and have reset it
to make sure
This is connecting to a 2003 active directory domain, I have
successfully joined the machine to the domain and am able to get a
list of users and groups without issue

Here is the output of "ntlm_auth --username=user --domain=MYDOM
--diagnostics"
I have sanatized it to use "user" and "MYDOM"

[root@redguard samba]# ntlm_auth --username=user --domain=MYDOM --diagnostics
password:
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test NTLMv2 failed!
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test NTLMv2 and LMv2 failed!
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test LMv2 failed!
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test NTLMv2 and LMv2, LMv2 broken failed!
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test Plaintext failed!
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test Plaintext LM broken failed!
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test Plaintext NT only failed!
Wrong Password (0xc000006a)
[2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
  Test Plaintext LM only failed!
[root@redguard samba]#

My smb.conf has the following in it that I have added
[global]

   workgroup = MYDOM
   realm = MYDOM.ORG
   security = ads
   client NTLMv2 auth = yes

Is there perhaps some setting I need to set in windows AD to allow me
to connect this way (such as enabling remote access) or something on
the samba side that I missed?

Any advice is greatly appreciated,
Thanks
Tim

I've got the exact same problem... samba-3.0.14a-1

# ntlm_auth --username=myuser--domain=mydomain
password:
NT_STATUS_OK: Success (0x0)
# ntlm_auth--username=myuser--domain=mydomain--diagnostics
password:
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)

Also running "net ads user -U myuser" returns...
myuser's password:
USER1
USER2
USER3

Instead of 

MYDOMAIN\USER1
MYDOMAIN\USER2
MYDOMAIN\USER3
... not sure if that matters or not.  Everything else seems to work.
I'm using ADS to authenticate SSH to test it and that works..

#tail -5 /var/log/messages
Jul 26 14:14:27 raidzone pam_winbind[19357]: user 'dsibobb' granted
access
Jul 26 14:26:37 raidzone net: [2005/07/26 14:26:37, 0]
libads/kerberos.c:ads_kinit_password(146)
Jul 26 14:26:37 raidzone net:   kerberos_kinit_password
root@DSI.DIGITECHSYSTEMS.COM failed: Client not found in Kerberos
database
Jul 26 14:26:37 raidzone net: [2005/07/26 14:26:37, 0]
utils/net_ads.c:ads_startup(191)
Jul 26 14:26:37 raidzone net:   ads_connect: Client not found in
Kerberos database


The first part of this is from a successful SSH login with ADS
credentials.  The rest if from
"ntlm_auth--username=myuser--domain=mydomain--diagnostics"



		I have samba 3.0.14-5 installed (installed via Fedora
Core 4's Yum)
		I have enabled "client NTLMv2 auth = yes" in smb.conf
		When I run "ntlm_auth --username=user --domain=MYDOM" it
connects fine
		(change user and MYDOM to be my user and my domain)
		When I run "ntlm_auth --username=user --domain=MYDOM
--diagnostics" it
		fails on all tests with "wrong password" which is
incorrect, I know
		its the right password, I was very careful with it and
have reset it
		to make sure
		This is connecting to a 2003 active directory domain, I
have
		successfully joined the machine to the domain and am
able to get a
		list of users and groups without issue

		Here is the output of "ntlm_auth --username=user
--domain=MYDOM --diagnostics"
		I have sanatized it to use "user" and "MYDOM"

		[root@redguard samba]# ntlm_auth --username=user
--domain=MYDOM --diagnostics
		password:
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test NTLMv2 failed!
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test NTLMv2 and LMv2 failed!
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test LMv2 failed!
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test NTLMv2 and LMv2, LMv2 broken failed!
		Wrong Password (0xc000006a)
		Wrong Password (0xc000006a)
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test Plaintext failed!
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test Plaintext LM broken failed!
		Wrong Password (0xc000006a)
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test Plaintext NT only failed!
		Wrong Password (0xc000006a)
		[2005/07/26 09:24:27, 1]
utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
		  Test Plaintext LM only failed!
		[root@redguard samba]#

		My smb.conf has the following in it that I have added
		[global]

		   workgroup = MYDOM
		   realm = MYDOM.ORG
		   security = ads
		   client NTLMv2 auth = yes

		Is there perhaps some setting I need to set in windows
AD to allow me
		to connect this way (such as enabling remote access) or
something on
		the samba side that I missed?

		Any advice is greatly appreciated,
		Thanks
		Tim
		-- 
		To unsubscribe from this list go to the following URL
and read the
		instructions:  https://lists.samba.org/mailma
n/listinfo/samba