Hi guys,

I have a strange problem. I can authenticate a user with wbinfo from
my domain controller (security =3D ads), however when I try and map a
share, the authentication fails. i.e.

# wbinfo -a 'COAL+bcanglo%bcpass'
plaintext password authentication succeeded
challenge/response password authentication succeeded

# smbclient '\\xxxxxxx\timtest' -U 'COAL\bcanglo' bcpass
added interface ip=3D10.xxx.xxx.101 bcast=3D10.xxx.xxx.255 nmask=3D255.255.=
Client started (version 3.0.14a based HP CIFS Server A.02.02).
Connecting to 10.xxx.xxx.101 at port 445
session setup failed: NT_STATUS_LOGON_FAILURE

Note: That share definately exists.

I'm running winbindd in debug mode and I can see both commands talk to
winbind and both attempt to talk to the domain controller. Yet
wbinfo works fine, and smbclient fails with this:

add_trusted_domain: COAL is an ADS native mode domain
[ 2547]: request interface version
[ 2547]: request location of privileged pipe
[ 2547]: getpwnam coal+bcanglo
ads: fetch sequence_number for COAL
sys_gethostbyname: Unknown host. \\10.xx.xx.101
ads_connect for domain COAL failed: No such file or directory
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+bcanglo
user 'bcanglo' does not exist
[ 2547]: getpwnam COAL+BCANGLO
user 'BCANGLO' does not exist

...and smbd debug says:

check_ntlm_password: Authentication for user [bcanglo] -> [bcanglo]

.....which makes no sense, because the user DEFINATELY exists, and the
winbindd/krb/ldap stuff is DEFINATELY set up and working:

# wbinfo -n 'COAL+bcanglo'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)
# wbinfo -n 'COAL+BCANGLO'
S-1-5-21-1955927045-6xxxxxxxx-239210854-5002 User (1)

Now, interestingly if I use smbclient and intentionally get the
password wrong, smbd says this:

check_ntlm_password: Authentication for user [bcanglo] -> [bcanglo]

Busted! So I know its talking to the domain controller, and I know
that it knows the user exists.

Note: The COAL domain is a trusted domain:

# wbinfo -m

I'm running the latest HP-UX packages and recommended libraries, so
this version of Samba is:

# smbd -V
Version 3.0.14a based HP CIFS Server A.02.02

So why can I test out a username/password with wbinfo, but get "User
does not exist" when I try and map a share with smbclient?

If you need more verbose debug output from smbd or winbindd, I'll be
happy to put some in.


To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba