schoeppchen
IS-IT--Management
Hi all,
I configured a linux box (Debian Sarge) with Winbind to authenticate against
a windows 2000 server AD. After joining the Domain via
net rpc join -U Administrator
I can get all AD users and groups using
wbinfo -u
wbinfo -g
getent passwd
Everything seems to be really fine, but when I try to authenticate against
the AD via
wbinfo -a testuser%testpass
I get:
-x-x-x-
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user testuser%testpass with plaintext password
challenge/response password authentication succeeded
-x-x-x-
So authentication seems to work obviously (see bottom line), but what does
the above
messages mean? Additionally I cannot authenticate using pam_winbind.so e.g.
for SSH
Loggins, I suppose the error that causes both has the same reason.
So here are the relevant parts of my /etc/samba/smb.conf:
-x-x-
workgroup = ...
security = domain
encrypt passwords = true
winbind separator = +
idmap uid = 10000-65535
idmap gid = 10000-65535
winbind enum users = yes
winbind enum groups = yes
-x-x-
Winbind is up and running, the symlink mentioned in the Samba HOWTO
(/lib/libnss_winbind.so --> /lib/libnss_winbind.so.2) is set up correctly
and /lib/security/pam_winbind.so and /lib/libnss_winbind.so are in place.
My /etc/nsswitch.conf is:
-x-x-
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-x-x-
Any help is appreciated!
I'm using version 3.0.14a of winbind (latest stable package of winbind
daemon on debian sarge).
Thanks,
Oliver Neumann
I configured a linux box (Debian Sarge) with Winbind to authenticate against
a windows 2000 server AD. After joining the Domain via
net rpc join -U Administrator
I can get all AD users and groups using
wbinfo -u
wbinfo -g
getent passwd
Everything seems to be really fine, but when I try to authenticate against
the AD via
wbinfo -a testuser%testpass
I get:
-x-x-x-
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user testuser%testpass with plaintext password
challenge/response password authentication succeeded
-x-x-x-
So authentication seems to work obviously (see bottom line), but what does
the above
messages mean? Additionally I cannot authenticate using pam_winbind.so e.g.
for SSH
Loggins, I suppose the error that causes both has the same reason.
So here are the relevant parts of my /etc/samba/smb.conf:
-x-x-
workgroup = ...
security = domain
encrypt passwords = true
winbind separator = +
idmap uid = 10000-65535
idmap gid = 10000-65535
winbind enum users = yes
winbind enum groups = yes
-x-x-
Winbind is up and running, the symlink mentioned in the Samba HOWTO
(/lib/libnss_winbind.so --> /lib/libnss_winbind.so.2) is set up correctly
and /lib/security/pam_winbind.so and /lib/libnss_winbind.so are in place.
My /etc/nsswitch.conf is:
-x-x-
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-x-x-
Any help is appreciated!
I'm using version 3.0.14a of winbind (latest stable package of winbind
daemon on debian sarge).
Thanks,
Oliver Neumann
