Winbind/RH7.1...More Help

Winston Nimchan Winston_Nimchan at trinsys.com
Mon Oct 22 13:38:35 GMT 2001 

My problem seems to be:

unable to setup the PDC credenntials to machine <Domain Controller>
Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT

It tries to authenticate against each of my domain controllers and fails

Does this seem fimilair

Regards

Winston Nimchan

-----Original Message-----
From: Sean Trammell [mailto:strammell at siumed.edu]
Sent: Monday, October 22, 2001 4:00 PM
To: Winston Nimchan
Cc: samba at lists.samba.org
Subject: Re: Winbind/RH7.1...More Help


The reason for using winbind is so that you do not have to duplicate
accounts on the local machine.  smbpasswd is not used at all on my
system.  I believe that when you use winbind, authentication is passed
onto your existing system(s), defined in 'password server'.

You have to be getting log entries somewhere that will help you to
figure out what is breaking.  I think that logs, by default, are stored
in /usr/local/samba/var.  The default setting also separates logs by
computer name, and so what I would do is find a test computer and try to
connect to the samba server using a normal domain account.  When that
doesn't work, check the appropriate logfile to see why the connection
was rejected.  Log level 1 catches most problems for me, if the
connection is rejected and nothing is logged, you may have to increase
this.  This is what I use in my smb.conf file for logs if it helps any:

  # LOGGING:
  #
  log level = 1
  log file = /var/log/samba/%m.log
  max log size = 50

You are getting usernames back from 'getent passwd', right?  That at
least indicates that nsswitch is working.

Winston Nimchan wrote:
> 
> I have a Win 2K Mixed Mode domain with 1 NT4 Server and 4 2k Servers
> I installed from source/configured with --with-pam etc
> I have Win 2k, 9x clients.
> 
> If I manually add my domain users to smbpasswd, my 2k clients can
> connect to my samba server and use resources but my win 9x clients are
> prompting for password and nothing that i enter seems to be valid.
> 
> Is winbind supposed to copy my domain users/groups to my samba box? so
I
> don't have to recreate each user in samba.
> 
> Regards
> 
> Winston Nimchan
> 
> -----Original Message-----
> From: Sean Trammell [mailto:strammell at siumed.edu]
> Sent: Monday, October 22, 2001 1:35 PM
> To: Winston Nimchan
> Cc: David Brodbeck; samba at lists.samba.org
> Subject: Re: Winbind/RH7.1...More Help
> 
> Someone correct me if I am wrong, but I think that this really is a
PAM
> problem.  There are several things that I can think of offhand, either
> samba was not compiled --with-pam or samba is not configured correctly
> or the appropriate PAM module is not configured correctly.  We need
more
> information, are you getting any errors in /var/log/messages?  PAM
> problems are logged there on my Redhat 7.1 system.  Also, did you use
an
> RPM or did you compile samba from source?  If it was source, did you
use
> --with-pam when configuring?  If that fails you could post the
relevant
> lines of your smb.conf file (probably most the global section).  What
is
> the OS of your password server?
> 
> -Sean
> 
> Winston Nimchan wrote:
> >
> > hey:
> >
> > got pass that stage. wbinfo & getent returns the values as expected.
> >
> > However my Windoze client are prompting for username/password and
> > nothing I enter is being accepted. Any ideas?
> >
> > Regards
> >
> > Winston Nimchan
> >
> > -----Original Message-----
> > From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> > Sent: Monday, October 22, 2001 12:59 PM
> > To: Winston Nimchan; Sean Trammell
> > Cc: samba at lists.samba.org
> > Subject: RE: Winbind/RH7.1...More Help
> >
> > I don't think this is a PAM problem.  'getent' relies on the
nsswitch
> > mechanism but I don't think it relies on PAM.
> >
> > -----Original Message-----
> > From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
> > Sent: Friday, October 19, 2001 3:08 PM
> > To: Sean Trammell
> > Cc: samba at lists.samba.org
> > Subject: RE: Winbind/RH7.1...More Help
> >
> > Tried all the suggestions and still can't see my domain users/groups
> > with getent
> > secret is good and message has nothing abnormal bout PAM
> >
> > Winston
> >
> > -----Original Message-----
> > From: Sean Trammell [mailto:strammell at siumed.edu]
> > Sent: Friday, October 19, 2001 10:54 AM
> > To: Winston Nimchan
> > Cc: samba at lists.samba.org
> > Subject: Re: Winbind/RH7.1...More Help
> >
> > That is most likely a PAM problem, you need to create/modify a file
> at:
> > /etc/pam.d/samba
> >
> > so that authentication will work against your domain (only for the
> > samba service, logging into your linux computer is a different
> > service).  Be very careful with PAM, you can lock yourself out of
your
> > machine if it is misconfigured.  For example, my /etc/pam.d/samba
file
> > looks like this:
> >
> > auth            required        /lib/security/pam_securetty.so
> > auth            required        /lib/security/pam_nologin.so
> > auth            sufficient      /lib/security/pam_winbind.so
> > auth            required        /lib/security/pam_pwdb.so
> use_first_pass
> > shadow nullok
> > account         required        /lib/security/pam_winbind.so
> > session         required        /lib/security/pam_pwdb.so
> > password        required        /lib/security/pam_pwdb.so
> >
> > Check to make sure that PAM is configured correctly for samba here,
> > and then you can check the error log at /var/log/messages for any
> > errors relating to PAM if it still won't work.  Also make sure
> > that the pam module pam_winbind.so is in place in /lib/security.
> >
> > Login is a separate module (not samba), you would need to modify
> > another module config to do that.
> >
> > -Sean
> >
> > Winston Nimchan wrote:
> > >
> > > The winbind now works...my getent passwd & groups returns the
domain
> > > users/groups
> > >
> > > What should be the next step? my clients (Win2K & Win9x) are still
> > > prompting for a password and I cannot login to my linux box using
> > > DOMAIN*domainuser.
> > >
> > > Must I add each domain user as a user on the linux box?
> > >
> > > Regards
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list