我最初可以通过以下命令将一个linux盒子join到域中:
sudo kinit [email protected] sudo net ads join -k
几个小时后或第二天,发生这种情况:
user@host:~$ sudo wbinfo -a administrator Enter administrator's password: plaintext password authentication failed Could not authenticate user administrator with plaintext password Enter administrator's password: challenge/response password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) error message was: Access denied Could not authenticate user administrator with challenge/response
这些命令一直按预期工作: sudo wbinfo -t sudo wbinfo -u sudo wbinfo -g sudo wbinfo -i administrator
Samba版本4.2.5-SerNet-Ubuntu-8.trusty,这里是我的smb.conf
[global] workgroup=WINDOWS security=ads realm=WINDOWS.xxCOM domain master=no local master=no preferred master=no load printers=no printing=bsd printcap name=/dev/null disable spoolss=yes idmap backend=tdb idmap uid=10000-99999 idmap gid=10000-99999 idmap config WINDOWS:backend=rid idmap config WINDOWS:range=10000-9999 winbind enum users=yes winbind enum groups=yes winbind use default domain=yes winbind nested groups=yes winbind refresh tickets=yes winbind offline logon=yes template shell=/bin/false client use spnego=yes client ntlmv2 auth=yes encrypt passwords=yes restrict anonymous=2 log file=/var/log/samba/samba.log log level=2 dcerpc endpoint servers=remote
没有什么有用的日志:(
[2015/11/25 15:26:23.524927, 2] ../source3/libsmb/cliconnect.c:1306(cli_session_setup_kerberos_send) Doing kerberos session setup [2015/11/25 15:26:23.532756, 2] ../source3/winbindd/winbindd_pam.c:2016(winbind_dual_SamLogon) NTLM CRAP authentication for user [WINDOWS]\[administrator] returned NT_STATUS_ACCESS_DENIED
任何帮助赞赏