Ubuntu client NT_STATUS_WRONG_PASSWORD

activedirectory

(Ralph) #1

Hi,
I joined an Ubuntu Desktop to the AD domain. Now I want to have pam_mount mount the user’s home directory when a user logs in.
The home directories reside on a NS7 file server which is joined to the AD domain as well. But the pam_mount does not work.
When a user logs in, the attempt to automatically mount his home directory fails, and the file server reports:
“domain_client_validate: unable to validate password for user xx@ad.xy.de in domain to Domain controller DC.AD.XY.DE.
Error was NT_STATUS_WRONG_PASSWORD”.
I tried various options like “sec=ntlmv2” or “sec=ntlmssp”, nothing helps. The login itself succeds but not the mount process.
The Nethserver-dc is version 1.5.1-1.ns7.
Any help appreciated.

Ralph


(fpausp) #2

Maybe this HowTo can help:

HowTo join xUbuntu 16.04 Desktop to NethServer-7 AD and automount ServerHomeDir


(Ralph) #3

Thanks for the hint. But I saw that before, of course. And the volume definition here is mostly taken from that HowTo.
I also found this:


That described exactly the same error. But it was due to a bug, obviously, in a much older Nethserver-DC version.


(Michael Träumner) #4

@davidep Do you have an idea?


(Davide Principi) #5

It was classified as #bug because of the expected results from the upgrade/migration procedure. However the fix was for migrated/upgraded systems, not for newly a installed NethServer. That’s because the NTLM auth is unsecure and should not be used for security reasons.

Haven said that, you can try to downgrade your authentication protocols (at your risk) to see if it solves your issue (perhaps the Ubuntu smb/cifs kernel module does not support other auth protocols?).

  1. Add this line to /var/lib/machines/nsdc/etc/samba/smb.conf:

    [global]
    ntlm auth = yes
    
  2. Restart Samba DC service

    systemctl restart -M nsdc samba