[Samba] Winbind: can't log in as domain user

Mike Ely mike.ely at phoenix.k12.or.us
Fri Oct 31 19:06:37 GMT 2003


On Oct 31, 2003, at 9:59 AM, Gerald (Jerry) Carter wrote:

> Mike Ely wrote:
>
> | Basic problem is that domain users can't successfully log
> | into the linux box.  I'm trying to set this box up as
> | an ltsp server authenticating against our existing AD
>
> ...
>
> |     [libdefaults]
> |             default_realm = LTSP.FOO.BAR
> |             dns_lookup_realm = false
> |             dns_lookup_kdc = true
>
> Did you enable the DNS lookup during compile?  If so then you can get
> rid of the [realms] section below.
Unfortunately, no.  So I'll have to keep the realms section below, I guess.
>
> |
> |     [realms]
> |             LTSP.FOO.BAR = {
> ...
>
...
> How are the users/groups laid out in AD?
Well, that problem seems to have gone away - I rebooted the machine and
see all my domain users in the KDM login window.  wbinfo -u confirms
this.

> | Now, as root, I can change users to any domain user I want to without
> | entering a password, using, for example:
> |     su LTSP+fred
> | and "whoami" returns the correct value.  However, if I log in as a local
> | non-root account and try the same thing, or if I attempt to connect
> | remotely using "ssh -l LTSP+fred" I get a failed password error even
> | though I'm using a known-good password for that account.  BIG problem #2.
>
> Have you set up pam_winbind.so?
I have it copied to /lib/security/ where all the pam modules are.  Is
there more to setting it up than that?
>
> | I'm sure there's something simple that needs to be changed and all will
> | suddenly Just Work.  Once that happens, perhaps someone could answer
> | this: how do I automatically map the home directory of a domain user to
> | their AD-defined home directory (//ltsp-fs1/staff/fred <-->
> | /home/LTSP/fred, for example)?  I want to have no local storage for
> | domain users on the linux box.
>
> See pam_mount.so and smbfs (or patches for the newer cifsvfs).
Thanks, I'll look that up.

Mike
