[Samba] still winbind! plz...
jamisonm at redhat.com
Wed Aug 7 05:18:02 GMT 2002
I had the same problem, I fixed it by modifying the
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account sufficient /lib/secutiry/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
this should let winbind talk to the pdc. but, you need to run the
smbpasswd (join to domain again) command. I don't remember of the top of
my head the exact syntax. alot of the instructions say to take the
computer out of the domain and then re-add it through the the samba box, I
didn't find it necessary, just run the smbpasswd command again. make sure
you: service smb stop, service winbind stop, then run smbpasswd. then
service smb start, service winbind start and see what happens.
also, I don't know if this system-auth file is perfect, I'm still having
trouble getting security=domain and adding groups to the write list in the
smb.conf. but I don't think its the system-auth file, but I have to do
some more digging.
this should make your secret problem go away, if not let me know.
On Wed, 7 Aug 2002, Antonio Nikolic wrote:
> Hi everybody,
> I still have trouble gettin' winbind running correctly and as time
> passes by and all documentation and mailing lists have been read,
> things are getting really urgent...
> I think i should abstract the problem to the mininmun:
> winbind is up and running,
> wbinfo -u works,
> getenv password works,
> wbinfo -t states that
> ---> Secret is bad
> and winbind-logfile says to check the machineaccount,
> samba-logfile comments my attempt to access a share as follows:
> "could not fetch trust account password for domain xy"
> Server is a Windows2000 Advanced one..
> machine account from the samba-server is visible in "Computers"
> after having successfully joined the domain.
> I tried several setups with
> 2.2.5, 2.2.4 (selfcompiled)
> and 2.2.3a (debian-sid package)
> everytime the same. So I guess something with the configuration is
> missing; perhaps I have to make changes in the W2k-Server
> Now - is there anybody out there, who knows how to solve this one?
> I've been around several mailing lists and everyone's just asking this
> kind of question about trust-account, but noone got answers...
Help Desk Technician &
Proprietary Software Assassin
Red Hat, Inc.
jamisonm at redhat.com
NOVUS ORDO SECLORUM "a new order has begun"
More information about the samba