我最初可以使用以下命令将 Linux 机器加入到域中:
sudo kinit [email protected]
sudo net ads join -k
几个小时后或第二天,发生了以下情况:
user@host:~$ sudo wbinfo -a administrator Enter administrator's password: plaintext password authentication failed Could not authenticate user administrator with plaintext password Enter administrator's password: challenge/response password authentication failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) error message was: Access denied Could not authenticate user administrator with challenge/response
这些命令始终按预期工作:
sudo wbinfo -t sudo wbinfo -u sudo wbinfo -g sudo wbinfo -i administrator
Samba 版本 4.2.5-SerNet-Ubuntu-8.trusty,这是我的 smb.conf
[global] workgroup=WINDOWS security=ads realm=WINDOWS.x.x.COM domain master=no local master=no preferred master=no load printers=no printing=bsd printcap name=/dev/null disable spoolss=yes idmap backend=tdb idmap uid=10000-99999 idmap gid=10000-99999 idmap config WINDOWS:backend=rid idmap config WINDOWS:range=10000-9999 winbind enum users=yes winbind enum groups=yes winbind use default domain=yes winbind nested groups=yes winbind refresh tickets=yes winbind offline logon=yes template shell=/bin/false client use spnego=yes client ntlmv2 auth=yes encrypt passwords=yes restrict anonymous=2 log file=/var/log/samba/samba.log log level=2 dcerpc endpoint servers=remote
日志中没有任何有用的信息:(
[2015/11/25 15:26:23.524927, 2] ../source3/libsmb/cliconnect.c:1306(cli_session_setup_kerberos_send) Doing kerberos session setup [2015/11/25 15:26:23.532756, 2] ../source3/winbindd/winbindd_pam.c:2016(winbind_dual_SamLogon) NTLM CRAP authentication for user [WINDOWS]\[administrator] returned NT_STATUS_ACCESS_DENIED
任何帮助表示感谢