Prev: inotify trouble
Next: [Samba] possible repost: Samba 3.28 compilation fails, locking unavailable on FreeBSD 6.3
From: Thorkil Olesen on 29 Jan 2008 12:10 Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes: > I have logged in the samba server as root and tried this > > myserver:~ # wbinfo -a clorenzo%myrealpassword > plaintext password authentication failed > error code was NT_STATUS_INVALID_HANDLE (0xc0000008) > error messsage was: Invalid handle > Could not authenticate user clorenzo%myrealpassword with plaintext password > challenge/response password authentication failed > error code was NT_STATUS_INVALID_HANDLE (0xc0000008) > error messsage was: Invalid handle > Could not authenticate user clorenzo with challenge/response Maybe you should try: wbinfo -a NTDOMAIN\\clorenzo%myrealpassword > wbinfo -u and wbinfo -g gets right the list of users and groups from the NT > domain That is a good sign! wbinfo is a great tool to examine how winbind sees the world. I spent some time on an interdomain trust to a W2k3-server, but I think my problem was different from yours. Have you set up nsswitch.conf? Can you see a user with getent? -- Thorkil Olesen, Denmark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
From: Carlos Lorenzo Matés on 29 Jan 2008 15:50 Hi. El Martes, 29 de Enero de 2008, Thorkil Olesen escribió: > Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes: > > I have logged in the samba server as root and tried this > > > > myserver:~ # wbinfo -a clorenzo%myrealpassword > > plaintext password authentication failed > > error code was NT_STATUS_INVALID_HANDLE (0xc0000008) > > error messsage was: Invalid handle > > Could not authenticate user clorenzo%myrealpassword with plaintext > > password challenge/response password authentication failed > > error code was NT_STATUS_INVALID_HANDLE (0xc0000008) > > error messsage was: Invalid handle > > Could not authenticate user clorenzo with challenge/response > > Maybe you should try: > > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword This was my first try and it says exactly the same. > > > wbinfo -u and wbinfo -g gets right the list of users and groups from the > > NT domain > > That is a good sign! > > wbinfo is a great tool to examine how winbind sees the world. I spent some > time on an interdomain trust to a W2k3-server, but I think my problem was > different from yours. Have you set up nsswitch.conf? Can you see a user > with getent? We have the very same users groups and passwords in the NT Domain and in the samba Domain, our samba domain uses ldap for storage. Here is our nsswitch.conf # This works: #passwd: ldap compat #group: ldap compat # As does this: passwd: files ldap group: files ldap hosts: files dns wins networks: files dns services: files ldap protocols: files rpc: files ethers: files netmasks: files netgroup: files ldap publickey: files bootparams: files automount: files nis ldap aliases: files ldap passwd_compat: ldap winbind group_compat: ldap winbind shadow: compat #passwd_compat: ldap #group_compat: ldap #shadow: compat getent returns the ldap users, groups and paswwords, should getent also return the NT domain users when they are the same? Thanks -- Un saludo. Carlos Lorenzo Matés. clmates AT mundo-r DOT com
From: Jay Santillan on 30 Jan 2008 20:50 Hello Mr. Carlos, >getent returns the ldap users, groups and paswwords, should getent also return >the NT domain users when they are the same? I think,This will depend on your smb.conf. if you set 'winbind enum users' and 'winbind enum groups' to yes, getent should also display the users. by default, these are set to 'no'. regards, Jay <samba%40lists.samba.org?Subject=%5BSamba%5D%20Re%3A%20Trusted%20domain%20user%20login&In-Reply-To=loom.20080129T163727-468%40post.gmane.org> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
From: Carlos Lorenzo Matés on 31 Jan 2008 15:40 Hi. El Miércoles, 30 de Enero de 2008, Jay Santillan escribió: > Hello Mr. Carlos, > > >getent returns the ldap users, groups and paswwords, should getent also > > return the NT domain users when they are the same? > > I think,This will depend on your smb.conf. > if you set 'winbind enum users' and 'winbind enum groups' to yes, getent > should also display the users. by default, these are set to 'no'. I already have the enum options to yes Thanks -- Un saludo. Carlos Lorenzo Matés. clmates AT mundo-r DOT com
From: Thorkil Olesen on 31 Jan 2008 17:30 Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes: > > Maybe you should try: > > > > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword > > This was my first try and it says exactly the same. Well, that should work. > We have the very same users groups and passwords in the > NT Domain and in the > samba Domain, our samba domain uses ldap for storage. It doesn't make sense to have same users in both domains. >From samba's point of view users in different domains are not the same even though they have same username and password. They will still have different SIDs. > Here is our nsswitch.conf (...) > passwd: files ldap > group: files ldap (...) > passwd_compat: ldap winbind > group_compat: ldap winbind (...) Why do you put winbind at 'passwd_compat' instead of 'passwd'? > getent returns the ldap users, groups and paswwords, should > getent also return > the NT domain users when they are the same? If you use 'DOMAIN\user' it should, eg. getent passwd NTDOMAIN\\clorenzo I don't think however that nsswitch is used by wbinfo -a so this may not be your real problem. I had a similar problem that i solved by changing to kerberos, but with NT this is not possible. I don't think I can help with this. -- Thorkil Olesen, Denmark. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: inotify trouble Next: [Samba] possible repost: Samba 3.28 compilation fails, locking unavailable on FreeBSD 6.3 |