Info on Winbind drastically needed please.

Mark Cooke mark at
Mon Jan 7 13:09:01 GMT 2002

Hi All,

First off I'll start by apologising that this maybe the incorrect list
to ask some of these questions, but If someone could possibly take a
moment to help me out (as Ive tried posting to over samba lists and the
redhat lists), I would be very grateful..

Basically Ive been trying for about 2 weeks to try to get my Linux box
to talk to our PDC on an NT server at work and to be honest It's really
starting to get to me.

I'm using samba-2.2.2-8 from RedHat rawhide on RH 7.1.

I ve installed it correctly and copied over the correct files and edited
my smb.conf as below:


# Winbind configuration
    winbind separator = +
    winbind cache time = 10
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind uid = 10000-20000
    winbind gid = 10000-20000

# workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = TUX

# Security mode. Most people will want user level security. See
# security_level.txt for details.
    security = domain

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
    password server = THOR

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
    encrypt passwords = yes
;   smb passwd file = /etc/samba/smbpasswd

Our domain shall we say is called TUX.

In /etc/nsswitch.conf put the following:

passwd:     files winbind
group:      files winbind
Ive managed to get the linux box to join the domain using:

smbpasswd -j TUX -r THOR -U admin.

So then (to keep things simple), altered /etc/pam.d/login to read
(I am at the console trying to login):

auth       required     /lib/security/
auth       required     /lib/security/
auth       sufficient   /lib/security/
auth       required     /lib/security/ use_first_pass shadow
account required /lib/security/
#account    required     /lib/security/ service=system-auth
password   required     /lib/security/ service=system-auth
session    required     /lib/security/ service=system-auth
session    required     /lib/security/

then I started winbindd and also both samba services.

I can list all the NT Domasin users using:getent passwd and getent group

but, when I try to login, it authenticicates ok (after checking
/var/log/.messages), but after typing in hte password, it brings up the
issue screen, then very quickly an error about not being able to create
the users directory (but nothing is displayed in the logs at all)
It logs in o.k, and displays the issue msg and then logs me out straight
Also there is nothing related to this in the samba logs either.

Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted
Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted
Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session opened for
user TUX+admin by LOGIN(uid=0)
Jan  7 10:08:07 scaramanga  -- TUX+admin[22583]: LOGIN ON tty1 BY
Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session closed for
user TUX+admin

Again Iam sorry if this is the wrong list,but I figured that being the
developers list hopefully someone could help he out, as someone would
have abit more knowledge of how winbind works here.

The way I can see it is that once you logged in then samba should create
the directorys for you, ie /home/TUX/admin in this case

rather than manually creating them before the user logs in.

Thanks in Advnace 



        A penguin a day keeps the fatal exceptions away...
                              Registered Linux User: 208939
                             	Licq: 119422259

More information about the samba-technical mailing list