[Samba] Winbindd+W2K+NT+Pam+Samba 2.2.3a+Solaris

[Adcock, Christine M.]

Hi -

I have been attempting to set up Samba to do authentication against a
Windows 2K Domain Controller as well as NT PDCs. I have installed Winbindd,
Samba, and compiled with PAM and updated my smb.conf, pam.conf file and the
other stuff in the installation guide. The objective of all of this is to
allow an application running on top of Solaris to authenticate the users
logging into the application against an Active Directory or NT domain. 

We do not want to maintain any of these users as UNIX accounts or even Samba
accounts if we can help it. When I read through the man pages and HowTo
documentation it at first seemed that this was possible using Winbindd and
PAM. Upon closer investigation it looks like the users must have UNIX
accounts and smbpasswd accounts to enable the challenge/response
authentication - is this true? 

I am also confused as to whether PAM is relevant since the majority of
documentation states that it only works with clear-text passwords and W2K
and NT require passwords to be encrypted. Can someone elaborate on this
relationship please? I am about ready to give up and say that this cannot be
done.

BTW - I can run through the DIAGNOSIS.txt tests successfully up to Test 7
and the user accounts I am testing with are valid in AD. In addition, I have
read through many of the mailing list postings and the error I get back on
test seven is the same as many others - NT_STATUS_LOGON_FAILURE, the log
says  - auth2 challenge failed - NT_STATUS_ACCESS_DENIED.

Thanks in advance for your help - 

Christine Adcock
Content Management Team

BV Solutions Group, Inc.
10950 Grandview Drive
Overland Park, Kansas 66210
(913)458-2332
mailto:adcockcm at bvsg.com <mailto:adcockcm at bvsg.com>