[Samba] still winbind! plz...

Matt Jamison jamisonm at redhat.com
Wed Aug 7 05:18:02 GMT 2002 

I had the same problem, I fixed it by modifying the 
/etc/pam.d/system-auth  


auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok 
use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/secutiry/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 
shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ 
umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


this should let winbind talk to the pdc. but, you need to run the 
smbpasswd (join to domain again)  command.  I don't remember of the top of 
my head the exact syntax.  alot of the instructions say to take the 
computer out of the domain and then re-add it through the the samba box, I 
didn't find it necessary, just run the smbpasswd command again.  make sure 
you: service smb stop, service winbind stop, then run smbpasswd.  then 
service smb start, service winbind start  and see what happens.

also, I don't know if this system-auth file is perfect, I'm still having 
trouble getting security=domain and adding groups to the write list in the 
smb.conf.  but I don't think its the system-auth file, but I have to do 
some more digging.  

this should make your secret problem go away, if not let me know.

Matt Jamison


On Wed, 7 Aug 2002, Antonio Nikolic wrote:

> Hi everybody,
> 
> I still have trouble gettin' winbind running correctly and as time
> passes by and all documentation and mailing lists have been read,
> things are getting really urgent...
> 
> I think i should abstract the problem to the mininmun:
>   winbind is up and running,
>   wbinfo -u works,
>   getenv password works,
>   wbinfo -t states that
> --->  Secret is bad
>   and winbind-logfile says to check the machineaccount,
>   samba-logfile comments my attempt to access a share as follows:
>   "could not fetch trust account password for domain xy"
> 
>   Server is a Windows2000 Advanced one..
>   machine account from the samba-server is visible in "Computers"
>   after having successfully joined the domain.
> 
>   I tried several setups with
>   2.2.5, 2.2.4 (selfcompiled)
>   and 2.2.3a (debian-sid package)
>   everytime the same. So I guess something with the configuration is
>   missing; perhaps I have to make changes in the W2k-Server
>   configuration.
> 
> Now - is there anybody out there, who knows how to solve this one?
> I've been around several mailing lists and everyone's just asking this
> kind of question about trust-account, but noone got answers...
> 
> cheers,
> tony
> 
> 

-- 
Matt Jamison 
Help Desk Technician &
Proprietary Software Assassin
Red Hat, Inc.
919-754-3700 x44406
jamisonm at redhat.com
NOVUS ORDO SECLORUM "a new order has begun"

More information about the samba mailing list