[Samba] Winbind breaking my head ...
abartlet at dp.samba.org
abartlet at dp.samba.org
Mon Sep 16 11:24:01 GMT 2002
On Mon, Sep 16, 2002 at 12:28:21PM +0100, Ash Green wrote:
> Hi,
>
> I've been fighting with winbind for about 3 weeks now trying to get the
> damn thing to work properly, and I'm within a gnat's whisker of getting
> it going, but there's something I'm missing. Please - has someone got
> winbind working out there?!?!
>
> I'm running a RH 7.3, with the latest version of Samba from samba.org
> installed, and the installation included the -with-winbind flag.
>
> I can retrieve user & group lists from my NT4 PDC, but when I try to
> authenticate via wbinfo I get :
>
> [ash at LTSP ash]$ wbinfo -a DOMAIN+test%tester
> plaintext password authentication succeeded
> challenge/response password authentication failed
> Could not authenticate user DOMAIN+test%tester with challenge/response
> (I'm slightly worried about that first entry, as smb.conf has encrypted
> passwords=yes
)
That's not an issue.
> And (nearly done) the dump in the messages file gives me :
> Sep 16 09:43:29 LTSP pam_winbind[23713]: user 'DOMAIN+test' granted
> access
> Sep 16 09:43:29 LTSP login[23713]: Permission denied
>
> It seems as though the winbind part is working fine, but some of the
> following modules are forcing it to reject the login. I've toyed with
> using the 'optional' flags on the pam_stack and pam_unix.so auth
> statements, but just succeeded in locking myself out.
>
> Any ideas? I've got this demon lab that's working ace, but can't let
> the kids onto it yet as I've no time to manage 2 sets of login details.
>
> The only other thought I had at the end of last week was whether my PDC
> was supporting challenge/response - although I am led to believe that
> this is the default for NT. I've double checked and this seems to be
> working fine.
Do you have winbind listed in your nsswtich.conf?
Andrew Bartlett
More information about the samba
mailing list