Hello!
I've been digging at this one for several days now, and haven't been
able to figure out what's going on. Google searches haven't been
particularly helpful, so maybe I am searching the wrong words.
My LDAP server has the proper schema, and I have an attribute for my
user: https://imgur.com/VRbM7s9 (yeah I know the password hash is there,
but I don't care, because this won't exist)
It shows up in pdbedit -L:
root@freenas[~]# pdbedit -L
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=NOSGOTH))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_paged: base => [dc=dark,dc=kow,dc=is], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1000]
smbldap_search_paged: search was successful
nobody:65534:Unprivileged user
init_sam_from_ldap: Entry found for user: Administrator
Administrator:90000002:Administrator
init_sam_from_ldap: Entry found for user: dkowis
dkowis:10001:David
init_sam_from_ldap: Entry found for user: butts
butts:90000004:butts <-- this one
However, the NtPassword hash does not show up in pdbedit -L -vw:
init_sam_from_ldap: Entry found for user: butts
---------------
Unix username: butts
NT username: butts
Account Flags: [U ]
User SID: S-1-5-21-3154784271-1170687896-3522057148-1005
Primary Group SID: S-1-5-21-3154784271-1170687896-3522057148-513
Full Name: butts
Home Directory: \\freenas\butts
HomeDir Drive:
Logon Script:
Profile Path: \\freenas\butts\profile
Domain: NOSGOTH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 0
Password can change: 0
Password must change: 0
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
LM hash : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NT hash : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
All authentication attempts, either from Windows or from Linux smbclient,
result in NT_STATUS_WRONG_PASSWORD.
Logs: https://hastebin.com/cexudifino.js (ignore the silly extensions)
I'm very confused as to what's going on. When I debug my LDAP server, I
never see a query to load the NT password hash, but I do see attribute
requests for all the other elements here.
I'm hoping that this is a simple configuration problem, but I'm not
sure.
Running on FreeNAS 11 and my smb.conf (via testparm -v) is here:
https://termbin.com/v748
Thanks in advance for your help!
--
David Kowis