[Samba] using pam_winbind to authenticate against AD/krb - solved

[Greg Albrecht]

problem solved, in the howto there was this line in smb.conf:

  idmap backend = idmap_rid:IRTNOG=10000-100000

which i didn't realize was specific to IRTNOG's domain, i changed it to 
my domain, restarted samba/winbindd, and everything works.

-g

Greg Albrecht wrote:
> hey all,
> after following the directions in the
> "FreeBSD Active Directory Domain Member Mini-HOWTO"
> http://web.irtnog.org/howtos/freebsd/winbind
> 
> i am able to get my machine to the point where i can query users with 
> 'wbinfo':
> 
>  $ wbinfo -u|grep galbrecht
>  galbrecht
> 
> i am unable, however, to login to my machine using any service, telnet 
> for example:
> 
>  $ telnet -K localhost
>  Connected to localhost
>  FreeBSD/i386 (albany.undef.net) (ttyp7)
>  login: galbrecht
>  Password: ******
>  login:
> 
> my /var/log/messages shows:
>  ... albany pam_winbind[15753]: user 'galbrecht' granted access
>  ... albany login[15753]: pam_acct_mgmt(): error in service module
> 
> if i attempt to login with a username that does not exist, in either ad 
> or local pwd, /var/log/messages shows:
>  ... albany pam_winbind[15825]: request failed: No such user, PAM error 
> was 13, NT error was NT_STATUS_NO_SUCH_USER
>  ... albany pam_winbind[15825]: user `greg' not found
> 
> i've attempted to enable debugging with pam_winbind in my 
> /etc/pam.d/system configuration, which doesn't seem to have an effect, 
> but i've done a -d10 dump, if that would be useful to anyone.
> 
> save for my domain, my configuration matches that of the webpage sited 
> above.
> 
> any ideas?
> 
> -g
> 

-- 
Greg Albrecht (gba at undef.net) * -0700 GMT/UTC
http://undef.net * +1 213 447 3089