[Samba] winbindd logon still requires Unix user id
Brett Stevens
brett.stevens at hubbub.com.au
Wed Mar 31 23:25:34 GMT 2004
If you are trying to authenticate against Active Director, try the following
Change security to ADS
Remove auth methods
Add a realm = that equals your ad domain name such as
this.domain.com.whatever
Check your /etc/krb5.conf
It should have at a minimum
[libdefaults]
default_realm = THIS.DOMAIN.COM.WHATEVER
[realms]
THIS.DOMAIN.COM.WHATEVER = {
kdc = ip.of.your.ad
# admin_server = ip.of.your.ad
# passwd_server = ip.of.your.ad
}
[domain_realm]
.this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER
this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
retain_after_close = false
debug = true
Also check your /etc/nsswitch
it should have the passwd and the group with
Files winbind
Good luck
Brett Stevens
> From: "Fletcher, Stephen P" <SFletcher at unumprovident.com>
> Date: Wed, 31 Mar 2004 12:42:49 -0500
> To: <samba at lists.samba.org>
> Subject: [Samba] winbindd logon still requires Unix user id
>
> I'm running Samba 3.0.2a (UCLA binaries) on AIX 5.2. The net command
> worked fine and joined a win 2k domain.
>
> The wbinfo -u and wbinfo -g work great. However, all connections fail
> unless the user id exists on the AIX machine.
>
> I can bypass the problem by using username map and a dummy account
> "bozo". Here's a section of the Configuration
>
>
>
> # Samba config file created using SWAT
>
> # from 10.23.20.63 (10.23.20.63)
>
> # Date: 2004/03/30 14:05:38
>
>
>
> # Global parameters
>
> [global]
>
> workgroup = UPITS
>
> security = DOMAIN
>
> auth methods = winbind
>
> allow trusted domains = No
>
> password server = chaadsits01
>
> username map = /usr/local/private/usermap.txt
>
> log level = 2
>
> preferred master = No
>
> local master = No
>
> domain master = No
>
> ldap ssl = no
>
> idmap uid = 80000-90000
>
> idmap gid = 90001-99000
>
> template homedir = /samba/home
>
> template shell = /bin/ksh
>
> winbind separator = +
>
>
>
> Here are the entries from the usermap.txt file:
>
>
>
> # all windows user names translate to a Unix ID.
>
>
>
> bozo = Richard Brent
>
> steve = Mike Shawn
>
>
>
> I can't figure out what I'm doing wrong. Please help!
>
>
>
> S.
>
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list