Juan Machado
2010-Jan-12 13:53 UTC
[Samba] Strange SAMBA Winbind behavior - WBC_ERR_AUTH_ERROR - NT_STATUS_WRONG_PASSWORD
Hello All, I am having a weird behavior and after 2 days of trying to fix it, I just decided to ask the experts in this group! I have a RHEL5 box running SAMBA 3.4.3-41.el5. Users authenticate via Winbind to a Windows 2008R2 Domain controller. Authentication is fine, users can log in but ... 1. When user type their login/username, it takes 3 seconds to get the password prompt. 2. After the user provides the right password, the system let them log in but a "WRONG PASSWORD" message is displayed. When I check the logs I can see that BEFORE the user enters the password, there is a bcLogonUser failed: WBC_ERR_AUTH_ERROR message in the logs. Jan 12 08:37:10 myrhelserver sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruserrhost=wve-systems-10.mydomain.com user=juan Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): getting password (0x00000010) Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): pam_get_item returned a password Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password Jan 12 08:37:10 myrhelserver sshd[13822]: pam_winbind(sshd:auth): user 'juan' denied access (incorrect password or invalid membership) Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): getting password (0x00000010) Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): pam_get_item returned a password Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:auth): user 'juan' granted access Jan 12 08:37:17 myrhelserver sshd[13822]: pam_winbind(sshd:account): user 'juan' granted access Jan 12 08:37:17 myrhelserver sshd[13822]: Accepted password for juan from 172.16.248.174 port 57858 ssh2 Jan 12 08:37:17 myrhelserver sshd[13822]: pam_unix(sshd:session): session opened for user juan by (uid=0) WBC_ERR_AUTH_ERRORJan 12 08:37:35 myrhelserver sshd[13874]: Connection closed by 172.16.1.62 ---------------- This is my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so This is my /etc/samba/smb.conf: #======================= Global Settings ==================================== [global] workgroup = mydomain winbind separator = + server string = Samba Server security = ads load printers = yes winbind enum users = yes winbind enum groups = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 local master = no dns proxy = no password server = ad1.mydomain.com ad2.mydomain.com realm = MYDOMAIN.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind use default domain = true [homes] comment = Home Directories browseable = no writable = yes So,does anybody have an idea of WHY am I getting the "WRONG PASSWORD" message when I successfully authenticate? Thanks. Juan Machado