Hello Robert, Kris.
I have tried with client ntlmv2 auth = yes but I'm still getting the problem.
This is output from the messages log;
Feb 2 16:32:26 udcsp03 winbindd[1]: [2010/02/02 16:32:26, 0]
rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354)
Feb 2 16:32:26 udcsp03 winbindd[1]: cli_pipe_verify_schannel: auth_len
56.
Above Startup
Feb 2 16:32:26 udcsp03 winbindd[20007]: [2010/02/02 16:32:26, 0]
nsswitch/idmap.c:smb_register_idmap(146)
Feb 2 16:32:26 udcsp03 winbindd[20007]: Idmap module rid already registered!
Feb 2 16:32:26 udcsp03 winbindd[20007]: [2010/02/02 16:32:26, 0]
lib/module.c:do_smb_load_module(69)
Feb 2 16:32:26 udcsp03 winbindd[20007]: Module
'/usr/lib64/samba/idmap/rid.so' initialization failed:
NT_STATUS_OBJECT_NAME_COLLISION
The above is from when I do wbinfo -g or wbinfo -u
Feb 2 16:33:07 udcsp03 winbindd[1]: [2010/02/02 16:33:07, 0]
rpc_client/cli_pipe.c:rpc_api_pipe(790)
Feb 2 16:33:07 udcsp03 winbindd[1]: rpc_api_pipe: Remote machine
INFRADC06.sweinfra.se pipe \NETLOGON fnum 0x8008returned critical error. Error
was NT_STATUS_PIPE_DISCONNECTED
And above the main problem, wbinfo -a domainuser%password
I'm attaching my smb.conf.
/JB
> -Original Message-
> From: Robert Freeman-Day [mailto:pres...@gmail.com]
> Sent: den 2 februari 2010 15:31
> To: Kris Kaido
> Cc: Bergstrom Johan; samba@lists.samba.org
> Subject: Re: [Samba] Samba/winbind with Active Directory auth
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Kris and Johan,
>
> Both of you have not appended your smb.conf files. Maybe doing that
> would help as well.
>
> - From what I am seeing, the pam stack Kris gave was authenticating via
> winbind which would use either plaintext, lanman, ntlm or ntlmv2 and not
> configured to authenticate using kerberos. The plaintext password
> authentication is pretty insecure and this is what I suspect your setup
> is attempting to use. Win 2008 has that disabled by default as well as
> (afaik) lanman and ntlm. If you plan on using winbind to authenticate,
> you will likely need to add the following directive in the [global]
> section of your smb.conf file:
>
> client ntlmv2 auth = yes
>
> You may then need to restart winbindd and smbd (hell, you could restart
> the whole machine if you felt like it). Tell us if this works out for
> you.
>
>
> Volker Lendecke wrote:
> > On Tue, Jan 19, 2010 at 08:23:45AM +0400, Alexander R. Fahrutdinov
> wrote:
> >> В сообщении от Понедельник 18 января 2010 19:33:00 автор Kris Kaido
> написал:
> >>> Hi List,
> >>>
> >>> I'm installing a Samba server with the intended purpose of serving
> files to
> >>> Windows users with seamless authentication on the smb server.
> >>> For that, I've been reading and following every single google search
> result
> >>> regarding the subject, but it seems I'm stuck at some point where
> other
> >>> people are not blocked ...
> >>>
> >>> To summarize, I have these commands OK:
> >>> # kinit admin_u...@domain.example.com
> >>> # klist (ticket ok)
> >>> # net join ads -S server -U admin_user
> >>> # wbinfo -u and -g (both showing "DOMAIN\...")
> >>> # wbinfo -t (succeeded)
> >>
> >> Try to use Kerberos auth (wbinfo -K login%pass). It's possible, Windows
> PDC
> >> does not support NT-style auth via pipe. Also, try 'nt pipe support =
> no'
> >> option in smb.conf file.
> >
> > ???
> >
> > nt pipe support = no
> >
> > is extremely unlikely to ever help these days.
> >
> > Volker
> >
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAktoNyMACgkQup357T5MfTZZQACfddZOp6HuFaC7yQ4ccQY3s/Gx
> DqQAn3/1pdGzOj+LnnNEFNiabeMff/Qq
> =F63l
> -END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba