Re: Samba, PAM, Authentication off an NT Domain

To: Yuri <yuri@sociol.unimi.it>
Cc: debian-user@lists.debian.org
Subject: Re: Samba, PAM, Authentication off an NT Domain
From: Kent West <westk@acu.edu>
Date: Tue, 10 Dec 2002 09:03:06 -0600
Message-id: <[🔎] 3DF6022A.5000803@acu.edu>
Reply-to: westk@acu.edu
References: <20021209153407.B12737@denver.sociol.unimi.it> <[🔎] 3DF567C4.5070503@acu.edu> <20021210113739.A14046@denver.sociol.unimi.it>

Yuri wrote:

Il giorno Mon, Dec 09, 2002 at 10:04:20PM -0600, Kent West ha scritto:
[...]
I restarted /etc/init.d/samba and /etc/init.d/winbind, and then the"smbpasswd" command as you gave produced an error to use a differentcommand.
try: smbpassword -j ACU -U Administrator


Replies with:

   See 'net rpc join' for this functionality

I'm thinking Sid's version of Samba is too new, and has introduced somesort of incompatibility.


[...]

So I did "net rpc join -U <DOMAIN_ADMIN>", which produced this:

[2002/12/09 21:56:24, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(303)
 cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2002/12/09 21:56:24, 1] libsmb/trust_passwd.c:just_change_the_password(44)
 just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2002/12/09 21:56:24, 1] utils/net_rpc.c:run_rpc_command(156)
 rpc command function failed! (NT_STATUS_ACCESS_DENIED)


Mmmmm...  in win server:

c:> net localgroup "Pre-Windows 2000 Compatible Access" everyone /add(reboot the server)

Uh-oh. I have a "We'll let him have Domain Admin access as long as hedoesn't make waves" sort of privileged account, and I'm not sure thereal sysadmins would go for this. I'll float it by them though.

on my pc: (always the same /etc/*)

- woody samba (2.2.3a-6) = error
- woody + samba 2.2.6 = ok
- sarge (unstable) ? (I didn't try it)
The "getent passwd" and "getent group" commands show me username andgroup names in the ACU domain. However, when I switch over to a secondvirtual terminal and try to log in, I get "Login incorrect". I've triedlogging in as "ACU+snert" (snert is a legitimate user on the ACUdomain), as "snert", and as "westk" (westk is a local account on thebox, and it now fails also, so I better not have a power outage betweennow and when I get this fixed - doh!).
you must use "username" and "password" of your domain account.
(and it works!)

I suggest you to use "stable" woody +samba 2.2.6

I couldn't install it. Some sort of dependency problem. So I just switchto unstable, not realizing there was such a big difference betweenSamba2.2.6 and Sid's samba. I may downgrade and see what happens.

I don't know anything else...  good luck! :)


Thanks very much! At least now I know it CAN work.

Kent

Reply to:

Follow-Ups:
- (LONG) SOLVED (Mostly): Samba, PAM, Authentication off an NT Domain
  - From: Kent West <westk@acu.edu>

References:
- Re: an old message in debian-user
  - From: Kent West <westk@acu.edu>

Prev by Date: Re: phpgroupware setup guide
Next by Date: Re: how to rename multiple files
Previous by thread: Re: an old message in debian-user
Next by thread: (LONG) SOLVED (Mostly): Samba, PAM, Authentication off an NT Domain
Index(es):
- Date
- Thread