winbindd - auth problem, default domain

Rob Newberry rob at host3.grouplogic.com
Sat Dec 8 12:55:05 GMT 2001


I downloaded RPMs for samba-2.2.2, and am trying to use winbindd.

I'm getting pretty close, but ran into a problem that I'd like to get help
on.  I realize these are somewhat user-mode questions, but I'm a programmer
and would LIKE to have a technical response so I'll understand what's
going wrong.



Problem #1 - authorization: NT_STATUS_NO_TRUST_SAM_ACCOUNT

The first problem I have is that authorization for my test is not working 
-- I'm using ssh as my test.  If I try the following from another machine:

	ssh -l OURDOMAIN\\myusername host

I get asked for my password, but when I give it, it fails.  I have run 
winbindd with debugging, and this is the error being generated:

	NT_STATUS_NO_TRUST_SAM_ACCOUNT

I can provide the entire debugging log if needed, but I thought someone 
might be able to help me with just this information.




Problem #2 - default domain (for sendmail)

This may be more of a feature request.  With winbindd running, I can send 
email to "OURDOMAIN\\username at ourdomain.com" and it works -- sendmail 
delivers the mail locally to a file called "ourdomainusername".  However, 
what I'd really like to do is have winbindd work in conjunction with 
sendmail to have a 'default domain' (in fact, I don't need it to be just 
for sendmail -- I'd be happy if it was with all programs).  In this 
situation, if I sent email to 'username at ourdomain.com', winbindd would 
look up username in OURDOMAIN and just work.

In a nutshell, I would like to have a Linux box running:

	sendmail, pop and imap servers
	nmbd and winbindd
	no local users (except system accounts)

This machine would receive email of the form "user at domain.com", where all
users are retrieved from a default domain, hosted on a PDC.

Now, it might be possible to make this sort of work with the
$WINBINDD_DOMAIN environment variable.  If it can, please explain how --
I'm confused by how to use this environment variable in a daemon process
(in this case, sendmail, but in general, any other daemon).

It seems to me that something like this would be a nice addition to the 
smb.conf file.  I'm a programmer, and am willing to work on this if folks 
give me a wee little bit of direction.




I feel like I'm very, very, very close to having this work.  If I could do
so, I should be able to keep Linux in our company and stop my management
from demanding a Win2K-based email solution.

Thanks a ton.

Rob




