[Samba] Upgraded to 3.5.8 local users unable to log in AD users can
Alfanoid
aford at stanwell.com
Tue Mar 15 16:32:08 MDT 2011
Daniel Müller <mueller <at> tropenklinik.de> writes:
>
> You system was trying to authenticate with winbind!?
> Did Winbind run is your smb.conf configuration to interact with winbind?
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller <at> tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces <at> lists.samba.org [mailto:samba-bounces <at>
lists.samba.org] Im
> Auftrag von Alfanoid
> Gesendet: Dienstag, 15. März 2011 01:39
> An: samba <at> lists.samba.org
> Betreff: [Samba] Upgraded to 3.5.8 local users unable to log in AD users can
>
> Hi all,
>
> Upgraded Samba on RHEL5 from 3.0.33 to 3.5.8 from an rpm. Have an issue
> where AD
> users can connect to the linux box but local unix accounts cannot.
>
> We are using PAM not kerberos.
>
> After much looking and trail and error. I commented out this line in the
> /etc/pam.d/system-auth file and it works. Why???
>
> account required pam_unix.so broken_shadow
> account sufficient pam_succeed_if.so uid < 500 quiet
> #account [default=bad success=ok user_unknown=ignore] pam_winbind.so
> account required pam_permit.so
>
> I'm not really ofay with how the whole authentication works.
>
> Thanks!!
>
Yes to all of the above.
Upgraded from a working Samba 3.0.33-3.28.el5.
Here is the pertinent smb.conf section
workgroup = STANWELL
password server = dc2dc01.stanwell.com dc1dc01.stanwell.com
realm = STANWELL.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
More information about the samba
mailing list