Bob Bostwick (Lists)
2005-Jul-27 21:36 UTC
[Samba] NTLMv2 - wrong password with samba? (SOLVED)
I solved this issue by updating the 2003 AD Servers to SP1. Regards, Bob Bostwick -----Original Message----- From: Tim P [mailto:panterafreak@gmail.com] Sent: Tuesday, July 26, 2005 10:18 AM To: samba@lists.samba.org Subject: [Samba] NTLMv2 - wrong password with samba? I have samba 3.0.14-5 installed (installed via Fedora Core 4's Yum) I have enabled "client NTLMv2 auth = yes" in smb.conf When I run "ntlm_auth --username=user --domain=MYDOM" it connects fine (change user and MYDOM to be my user and my domain) When I run "ntlm_auth --username=user --domain=MYDOM --diagnostics" it fails on all tests with "wrong password" which is incorrect, I know its the right password, I was very careful with it and have reset it to make sure This is connecting to a 2003 active directory domain, I have successfully joined the machine to the domain and am able to get a list of users and groups without issue Here is the output of "ntlm_auth --username=user --domain=MYDOM --diagnostics" I have sanatized it to use "user" and "MYDOM" [root@redguard samba]# ntlm_auth --username=user --domain=MYDOM --diagnostics password: Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 failed! Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2 failed! Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test LMv2 failed! Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test NTLMv2 and LMv2, LMv2 broken failed! Wrong Password (0xc000006a) Wrong Password (0xc000006a) Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext failed! Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM broken failed! Wrong Password (0xc000006a) Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext NT only failed! Wrong Password (0xc000006a) [2005/07/26 09:24:27, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594) Test Plaintext LM only failed! [root@redguard samba]# My smb.conf has the following in it that I have added [global] workgroup = MYDOM realm = MYDOM.ORG security = ads client NTLMv2 auth = yes Is there perhaps some setting I need to set in windows AD to allow me to connect this way (such as enabling remote access) or something on the samba side that I missed? Any advice is greatly appreciated, Thanks Tim
I upgraded as well after seeing your post but it still gives me the same error. Any log files I should be looking at on windows or the samba side. I know the password is correct, I logged into windows with it and didn't fat-finger it. On 7/27/05, Bob Bostwick (Lists) <boblist@digitechsystems.com> wrote:> I solved this issue by updating the 2003 AD Servers to SP1. > > Regards, > > Bob Bostwick
Andrew Bartlett
2005-Aug-05 16:01 UTC
[Samba] NTLMv2 - wrong password with samba? (SOLVED)
On Wed, 2005-08-03 at 15:40 -0400, Tim P wrote:> I am following the guide you wrote to incorporate an ipsec connection > through the poptop pptpd daemon and into a windows domain via samba. > > I have followed it > (http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf) and am > getting the following with my dianostics: > [root@redguard etc]# nmbd start > [root@redguard etc]# winbindd start > [root@redguard etc]# pptpd start > [root@redguard etc]# wbinfo -p > Ping to winbindd succeeded on fd 4 > [root@redguard etc]# wbinfo -t > checking the trust secret via RPC calls succeeded > [root@redguard etc]# ntlm_auth --username=user --domain=mydomain > password: > NT_STATUS_OK: Success (0x0) > [root@redguard etc]# ntlm_auth --username=user --domain=mydomain --diagnosticsThe failure of the NTLMv2 tests should not be a problem for ppp (MSCHAP/MSCHAPv2) logins, because NTLMv2 is not actually used for this. (These use a variation on the traditional NLTMv1). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050805/52a1f334/attachment.bin