Prev: inotify trouble
Next: [Samba] possible repost: Samba 3.28 compilation fails, locking unavailable on FreeBSD 6.3
From: Thorkil Olesen on 29 Jan 2008 12:10
Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:

> I have logged in the samba server as root and tried this
>
> myserver:~ # wbinfo -a clorenzo%myrealpassword
> plaintext password authentication failed
> error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> error messsage was: Invalid handle
> Could not authenticate user clorenzo%myrealpassword with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> error messsage was: Invalid handle
> Could not authenticate user clorenzo with challenge/response

Maybe you should try:

wbinfo -a NTDOMAIN\\clorenzo%myrealpassword

> wbinfo -u and wbinfo -g gets right the list of users and groups from the NT
> domain

That is a good sign!

wbinfo is a great tool to examine how winbind sees the world. I spent some time
on an interdomain trust to a W2k3-server, but I think my problem was different
from yours. Have you set up nsswitch.conf? Can you see a user with getent?

--
Thorkil Olesen, Denmark


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Carlos Lorenzo Matés on 29 Jan 2008 15:50
Hi.


El Martes, 29 de Enero de 2008, Thorkil Olesen escribió:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > I have logged in the samba server as root and tried this
> >
> > myserver:~ # wbinfo -a clorenzo%myrealpassword
> > plaintext password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo%myrealpassword with plaintext
> > password challenge/response password authentication failed
> > error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
> > error messsage was: Invalid handle
> > Could not authenticate user clorenzo with challenge/response
>
> Maybe you should try:
>
> wbinfo -a NTDOMAIN\\clorenzo%myrealpassword

This was my first try and it says exactly the same.


>
> > wbinfo -u and wbinfo -g gets right the list of users and groups from the
> > NT domain
>
> That is a good sign!
>
> wbinfo is a great tool to examine how winbind sees the world. I spent some
> time on an interdomain trust to a W2k3-server, but I think my problem was
> different from yours. Have you set up nsswitch.conf? Can you see a user
> with getent?


We have the very same users groups and passwords in the NT Domain and in the
samba Domain, our samba domain uses ldap for storage.



Here is our nsswitch.conf

# This works:
#passwd: ldap compat
#group: ldap compat

# As does this:
passwd: files ldap
group: files ldap

hosts: files dns wins
networks: files dns

services: files ldap
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files ldap
publickey: files

bootparams: files
automount: files nis ldap
aliases: files ldap
passwd_compat: ldap winbind
group_compat: ldap winbind
shadow: compat

#passwd_compat: ldap
#group_compat: ldap
#shadow: compat

getent returns the ldap users, groups and paswwords, should getent also return
the NT domain users when they are the same?


Thanks


--
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
From: Jay Santillan on 30 Jan 2008 20:50
Hello Mr. Carlos,


>getent returns the ldap users, groups and paswwords, should getent also return
>the NT domain users when they are the same?

I think,This will depend on your smb.conf.
if you set 'winbind enum users' and 'winbind enum groups' to yes, getent
should also display the users. by default, these are set to 'no'.

regards,
Jay

<samba%40lists.samba.org?Subject=%5BSamba%5D%20Re%3A%20Trusted%20domain%20user%20login&In-Reply-To=loom.20080129T163727-468%40post.gmane.org>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Carlos Lorenzo Matés on 31 Jan 2008 15:40
Hi.


El Miércoles, 30 de Enero de 2008, Jay Santillan escribió:
> Hello Mr. Carlos,
>
> >getent returns the ldap users, groups and paswwords, should getent also
> > return the NT domain users when they are the same?
>
> I think,This will depend on your smb.conf.
> if you set 'winbind enum users' and 'winbind enum groups' to yes, getent
> should also display the users. by default, these are set to 'no'.


I already have the enum options to yes

Thanks


--
Un saludo.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
From: Thorkil Olesen on 31 Jan 2008 17:30
Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:

> > Maybe you should try:
> >
> > wbinfo -a NTDOMAIN\\clorenzo%myrealpassword
>
> This was my first try and it says exactly the same.

Well, that should work.


> We have the very same users groups and passwords in the
> NT Domain and in the
> samba Domain, our samba domain uses ldap for storage.

It doesn't make sense to have same users in both domains.
>From samba's point of view users in different domains are
not the same even though they have same username and
password. They will still have different SIDs.

> Here is our nsswitch.conf

(...)
> passwd: files ldap
> group: files ldap
(...)
> passwd_compat: ldap winbind
> group_compat: ldap winbind
(...)

Why do you put winbind at 'passwd_compat' instead of 'passwd'?

> getent returns the ldap users, groups and paswwords, should
> getent also return
> the NT domain users when they are the same?

If you use 'DOMAIN\user' it should, eg.

getent passwd NTDOMAIN\\clorenzo

I don't think however that nsswitch is used by wbinfo -a so this
may not be your real problem.

I had a similar problem that i solved by changing to kerberos,
but with NT this is not possible.
I don't think I can help with this.

--
Thorkil Olesen, Denmark.







--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: inotify trouble
Next: [Samba] possible repost: Samba 3.28 compilation fails, locking unavailable on FreeBSD 6.3