[samba] [SOLVED] Re: Active Directory authentication stopped working

Dan O'Brien dobrien на xanboo.com
Ср Май 23 01:42:23 MSD 2007 

Thanks for responding, After days of banging my head against my desk
we've managed to find the cause of the issue. The problem was in the
group policy on the domain controllers, under "Default Domain Controller
Security Settings" -> Local Policies -> Security Options":
Allow anonymous SID/Name translation:  Was set to disabled
Do not allow anonymous enumeration of SAM accounts and Shares: Was Enabled

Once we changed these (and disabled the "No Override" bit on the default
 domain policy). Everything started working again.

Hope this helps someone else.

Regards,
Dan

Andrii Dobrovol`s`kii wrote:
> Dan O'Brien пишет:
>> Hello all,
>>
>> I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
>> controllers. Each Linux box is running a different Linux and samba version:
>>
>> Box1: CentOS 3.4 3.0.25-7
>> Box2: CentOS 4.4 3.0.10-1
>> Box3: CentOS 5   3.0.23c-2
>>
>> Their smb.conf and krb5.conf files are all identical (below). A few days
>> ago authentication stopped working and my /var/log/messages fills up
>> with "signing_good: BAD SIG: seq 1" and "SMB Signature verification
>> failed on incoming packet!" errors. When someone tries to log into one
>> of the machines i get an "internal module error" and
>> "NT_STATUS_LOGON_TYPE_NOT_GRANTED" messages.
>>
>> I've been on this for 2 full days now, I've tried everything I could
>> think of. Any help would be appreciated.
>>
>>
>> Regards,
>> Dan O'Brien
>>
>> (conf files and messaeges below)
>>
>>
>>
>> /var/log/messages
>> ...
>> failed on incoming packet!
>> May 21 16:58:13 scandium pam_winbind[17827]: request failed:
>> NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
>> NT_STATUS_LOGON_TYPE_NOT_GRANTED
>> May 21 16:58:13 scandium pam_winbind[17827]: internal module error
>> (retval = 4, user = `user'
>>
> May be, you have a problem with pam?
>> [appdefaults]
>>  pam = {
>>    debug = false
>>    ticket_lifetime = 36000
>>    renew_lifetime = 36000
>>    forwardable = true
>>    krb4_convert = false
>>  }
>>
> You tried "debug = true"?
> Or there can be something has changed on the controllers?
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Samba mailing list
> Samba на lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/samba

Подробная информация о списке рассылки Samba