[Samba] winbindd logon still requires Unix user id

Brett Stevens brett.stevens at hubbub.com.au
Wed Mar 31 23:25:34 GMT 2004


If you are trying to authenticate against Active Directory, try the following:

Change security to ADS
Remove auth methods
Add a realm = that equals your AD domain name, such as this.domain.com.whatever


Check your /etc/krb5.conf
It should have at a minimum:


[libdefaults]
        default_realm = THIS.DOMAIN.COM.WHATEVER

[realms]
        THIS.DOMAIN.COM.WHATEVER = {
                kdc = ip.of.your.ad
#               admin_server = ip.of.your.ad
#               passwd_server = ip.of.your.ad
        }

[domain_realm]
        .this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER
        this.domain.com.whatever = THIS.DOMAIN.COM.WHATEVER

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
        pam = {
                ticket_lifetime = 36000
                renew_lifetime = 36000
                forwardable = true
                retain_after_close = false
                debug = true
        }


Also check your /etc/nsswitch.
It should have the passwd and the group with
files winbind


Good luck

Brett Stevens

> From: "Fletcher, Stephen P" <SFletcher at unumprovident.com>
> Date: Wed, 31 Mar 2004 12:42:49 -0500
> To: <samba at lists.samba.org>
> Subject: [Samba] winbindd logon still requires Unix user id
> 
> I'm running Samba 3.0.2a (UCLA binaries) on AIX 5.2. The net command
> worked fine and joined a win 2k domain.
> 
> The wbinfo -u and wbinfo -g work great. However, all connections fail
> unless the user id exists on the AIX machine.
> 
> I can bypass the problem by using username map and a dummy account
> "bozo". Here's a section of the Configuration
> 
> # Samba config file created using SWAT
> # from 10.23.20.63 (10.23.20.63)
> # Date: 2004/03/30 14:05:38
> 
> # Global parameters
> [global]
>           workgroup = UPITS
>           security = DOMAIN
>           auth methods = winbind
>           allow trusted domains = No
>           password server = chaadsits01
>           username map = /usr/local/private/usermap.txt
>           log level = 2
>           preferred master = No
>           local master = No
>           domain master = No
>           ldap ssl = no
>           idmap uid = 80000-90000
>           idmap gid = 90001-99000
>           template homedir = /samba/home
>           template shell = /bin/ksh
>           winbind separator = +
> 
> Here are the entries from the usermap.txt file:
> 
> # all windows user names translate to a Unix ID.
> 
> bozo = Richard Brent
> steve = Mike Shawn
> 
> I can't figure out what I'm doing wrong. Please help!
> 
> 
> 
>                             S.
> 
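The settings suggested in the reply (security = ADS, no auth methods, a realm that matches the krb5.conf default_realm, winbind in the passwd and group lookups) can be checked mechanically. The following is an added example, not code from either poster or from the Samba project; the function names and the sample inputs are constructed for illustration.

```python
import re

def smb_globals(text):
    """Return the [global] parameters of an smb.conf as a dict (keys lower-cased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def krb5_default_realm(text):
    """Return default_realm from a krb5.conf, or None if it is absent."""
    m = re.search(r"^[ \t]*default_realm[ \t]*=[ \t]*(\S+)", text, re.M)
    return m.group(1) if m else None

def nss_sources(text, database):
    """Return the lookup sources listed for one nsswitch database."""
    m = re.search(rf"^[ \t]*{database}[ \t]*:([^#\n]*)", text, re.M)
    return m.group(1).split() if m else []

def check_ads_setup(smb_conf, krb5_conf, nsswitch):
    """Return a list of deviations from the settings suggested in the reply."""
    g, findings = smb_globals(smb_conf), []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    if "auth methods" in g:
        findings.append("auth methods is still set")
    realm = g.get("realm", "")
    if not realm:
        findings.append("realm is not set")
    elif realm.upper() != (krb5_default_realm(krb5_conf) or "").upper():
        findings.append("realm does not match krb5.conf default_realm")
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(nsswitch, db):
            findings.append(f"{db} lookups do not include winbind")
    return findings

# Constructed sample inputs; BEFORE mirrors part of the quoted smb.conf.
KRB5 = "[libdefaults]\n        default_realm = THIS.DOMAIN.COM.WHATEVER\n"
NSS = "passwd: files winbind\ngroup: files\n"
BEFORE = "[global]\n  workgroup = UPITS\n  security = DOMAIN\n  auth methods = winbind\n"
AFTER = "[global]\n  workgroup = UPITS\n  security = ADS\n  realm = this.domain.com.whatever\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_ads_setup(conf, KRB5, NSS))
```

The realm comparison is case-insensitive because the reply writes the realm in lower case in smb.conf and in upper case in krb5.conf.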


