Hi guys,

I have a strange problem. I can authenticate a user with wbinfo from
my domain controller (security =3D ads), however when I try and map a
share, the authentication fails. i.e.

# wbinfo -a 'COAL+bcanglo%bcpass'
plaintext password authentication succeeded
challenge/response password authentication succeeded

# smbclient '\\xxxxxxx\timtest' -U 'COAL\bcanglo' bcpass
added interface ip=3D10.xxx.xxx.101 bcast=3D10.xxx.xxx.255 nmask=3D255.255.=
255.0
Client started (version 3.0.14a based HP CIFS Server A.02.02).
Connecting to 10.xxx.xxx.101 at port 445
session setup failed: NT_STATUS_LOGON_FAILURE

Note: That share definately exists.

I'm running winbindd in debug mode and I can see both commands talk to
winbind and both attempt to talk to the domain controller. Yet
wbinfo works fine, and smbclient fails with this:

add_trusted_domain: COAL is an ADS native mode domain
[ 2547]: request interface version
[ 2547]: request location of privileged pipe
[ 2547]: getpwnam coal+bcanglo
ads: fetch sequence_number for COAL
sys_gethostbyname: Unknown host. \\10.xx.xx.101
ads_connect for domain COAL failed: No such file or directory
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+bcanglo
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+BCANGLO
user 'BCANGLO' does not exist

...and smbd debug says:

check_ntlm_password: Authentication for user [bcanglo] -> [bcanglo]
FAILED with error NT_STATUS_NO_SUCH_USER

.....which makes no sense, because the user DEFINATELY exists, and the
winbindd/krb/ldap stuff is DEFINATELY set up and working:

# wbinfo -n 'COAL+bcanglo'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
# wbinfo -n 'COAL+BCANGLO'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)

Now, interestingly if I use smbclient and intentionally get the
password wrong, smbd says this:

check_ntlm_password: Authentication for user [bcanglo] -> [bcanglo]
FAILED with error NT_STATUS_WRONG_PASSWORD

Busted! So I know its talking to the domain controller, and I know
that it knows the user exists.

Note: The COAL domain is a trusted domain:

# wbinfo -m
XXXXXX
BUILTIN
COAL

I'm running the latest HP-UX packages and recommended libraries, so
this version of Samba is:

# smbd -V
Version 3.0.14a based HP CIFS Server A.02.02

So why can I test out a username/password with wbinfo, but get "User
does not exist" when I try and map a share with smbclient?

If you need more verbose debug output from smbd or winbindd, I'll be
happy to put some in.

Thanks,

Tim.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba