winbindd - auth problem, default domain
Rob Newberry
rob at host3.grouplogic.com
Sat Dec 8 12:55:05 GMT 2001
I downloaded RPMs for samba-2.2.2, and am trying to use winbindd.
I'm getting pretty close, but ran into a problem that I'd like to get help
on. I realize these are somewhat user-mode questions, but I'm a programmer
and would LIKE to have a technical response so I'll understand what's
going wrong.
Problem #1 - authorization: NT_STATUS_NO_TRUST_SAM_ACCOUNT
The first problem I have is that authorization for my test is not working
-- I'm using ssh as my test. If I try the following from another machine:
    ssh -l OURDOMAIN\\myusername host
I get asked for my password, but when I give it, it fails. I have run
winbindd with debugging, and this is the error being generated:
    NT_STATUS_NO_TRUST_SAM_ACCOUNT
I can provide the entire debugging log if needed, but I thought someone
might be able to help me with just this information.
Problem #2 - default domain (for sendmail)
This may be more of a feature request. With winbindd running, I can send
email to "OURDOMAIN\\username at ourdomain.com" and it works -- sendmail
delivers the mail locally to a file called "ourdomainusername". However,
what I'd really like to do is have winbindd work in conjunction with
sendmail to have a 'default domain' (in fact, I don't need it to be just
for sendmail -- I'd be happy if it was with all programs). In this
situation, if I sent email to 'username at ourdomain.com', winbindd would
look up username in OURDOMAIN and just work.
In a nutshell, I would like to have a Linux box running:
    sendmail, pop and imap servers
    nmbd and winbindd
    no local users (except system accounts)
This machine would receive email of the form "user at domain.com", where all
users are retrieved from a default domain, hosted on a PDC.
Now, it might be possible to make this sort of work with the
$WINBINDD_DOMAIN environment variable. If it can, please explain how --
I'm confused by how to use this environment variable in a daemon process
(in this case, sendmail, but in general, any other daemon).
It seems to me that something like this would be a nice addition to the
smb.conf file. I'm a programmer, and am willing to work on this if folks
give me a wee little bit of direction.
I feel like I'm very, very, very close to having this work. If I could do
so, I should be able to keep Linux in our company and stop my management
from demanding a Win2K-based email solution.
Thanks a ton.
Rob