[Samba] Unable to authenticate NT4 users through AD via 2 way trust

Roy roy.crombleholme at lancsngfl.ac.uk
Thu Oct 4 07:49:56 GMT 2007 

Hi there, my first post to the lists!

*Environment: *
Linux RHEL4 x86_64 kernel 2.6.9-42
Samba 3.0.25b-0.4E.5

I am using winbind.  My server is joined to an AD domain which has a two 
way trust with an NT4 domain.

This is the only linux box in the windows domain.

I am trying to login with NT4 domain user.

*From login prompt:*
I can log in using an AD user.
I CANNOT log in using an NT4 user even though the 2 way trust is 
established.

*From root user:*
I can su - to both AD and NT4 users as no password needed.

If I try logging in as NT4 user and I enter the correct password the 
prompt returns "su: incorrect password"
If I try logging in as NT4 user and I enter the INCORRECT password the 
prompt returns 2 lines. "Wrong password" and "su: incorrect password"

My smb.conf

[global]
     workgroup = AD
     realm = AD.DOMAIN
     netbios name = LNXSAMBA
     server string = Samba Server
     interfaces = eth0
     security = ADS
     password server = server.ad.domain
     log level = 1
     log file = /var/log/samba/%m.log
     max log size = 0
     smb ports = 139
     name resolve order = wins bcast hosts
     preferred master = No
     local master = No
     domain master = No
     winbind separator = +
     dns proxy = No
     wins server = 10.100.3.51
     winbind enum users = yes
     winbind enum groups = yes
     idmap uid = 10000-65000
     idmap gid = 10000-65000
     template homedir = /home/NTUsers/%D/%U
     template shell = /bin/bash
     winbind use default domain = no

Should I be able to authenticate NT users through the AD trust using the 
ADS security method?

Could the problem lie in my pam.d configuration files?

This is my first foray into the world of Samba so if you need any more 
info please let me know.

Thanks

Roycrom

***************************************************************************
This e-mail is confidential and privileged.  If you are not the intended
recipient do not disclose, copy or distribute information in this e-mail
or take any action in reliance on its content.
***************************************************************************

***************************************************************************
This email has been checked for known viruses. 
***************************************************************************

More information about the samba mailing list