Inicialmente posso juntar uma caixa linux ao domínio com estes comandos:
sudo kinit [email protected]
sudo net ads join -k
Depois de algumas horas ou no dia seguinte, isso acontece:
user@host:~$ sudo wbinfo -a administrator
Enter administrator's password:
plaintext password authentication failed
Could not authenticate user administrator with plaintext password
Enter administrator's password:
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error message was: Access denied
Could not authenticate user administrator with challenge/response
Esses comandos funcionam como esperado o tempo todo:
sudo wbinfo -t
sudo wbinfo -u
sudo wbinfo -g
sudo wbinfo -i administrator
Samba Versão 4.2.5-SerNet-Ubuntu-8.trusty, aqui está o meu smb.conf
[global]
workgroup=WINDOWS
security=ads
realm=WINDOWS.x.x.COM
domain master=no
local master=no
preferred master=no
load printers=no
printing=bsd
printcap name=/dev/null
disable spoolss=yes
idmap backend=tdb
idmap uid=10000-99999
idmap gid=10000-99999
idmap config WINDOWS:backend=rid
idmap config WINDOWS:range=10000-9999
winbind enum users=yes
winbind enum groups=yes
winbind use default domain=yes
winbind nested groups=yes
winbind refresh tickets=yes
winbind offline logon=yes
template shell=/bin/false
client use spnego=yes
client ntlmv2 auth=yes
encrypt passwords=yes
restrict anonymous=2
log file=/var/log/samba/samba.log
log level=2
dcerpc endpoint servers=remote
Nada útil nos logs: (
[2015/11/25 15:26:23.524927, 2] ../source3/libsmb/cliconnect.c:1306(cli_session_setup_kerberos_send)
Doing kerberos session setup
[2015/11/25 15:26:23.532756, 2] ../source3/winbindd/winbindd_pam.c:2016(winbind_dual_SamLogon)
NTLM CRAP authentication for user [WINDOWS]\[administrator] returned NT_STATUS_ACCESS_DENIED
Qualquer ajuda apreciada