From: Johan.Bergstrom on
It seems I have the same problem that was discussed briefly earlier on this list in a mail from Kris Kaido. I didn't see any solution, so I'm wondering if it's considered a bug that needs to be fixed or simply a configuration error.

To be more specifc;

I have joined a Win2008R2 Forest/Domain AD with my server running RHEL5.4 - samba-3.0.33-3.14.el5 without problems.

I can view users and groups in the domain with wbinfo -u / wbinfo -g
Getent passwd also works fine, aswell as 'su - <domainuser>'

But I cannot authenticate users with password, ie login.

wbinfo -K domainuser%password works fine.
wbinfo -a domainuser%password fails on both plaintext and challenge/response password. See below for output.


# wbinfo -K domainuser%password
plaintext kerberos password authentication for [domainuser%password] succeeded (requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0

# wbinfo -a domainuser%password
plaintext password authentication failed
error code was NT code 0x00000721 (0x721)
error messsage was: NT code 0x00000721
Could not authenticate user domainuser%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_PIPE_DISCONNECTED (0xc00000b0)
error messsage was: Named pipe dicconnected
Could not authenticate user domainuser with challenge/response
To unsubscribe from this list go to the following URL and read the