Samba + PAM + Winbind
Recknagel, Andrew
Andrew.Recknagel at ProMedica.org
Wed Jan 16 10:47:24 GMT 2002
Hey everybody,
I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) setup as a file
server using Samba (v2.2.2) with authentication going to our WinNT PDC.
I've followed the instructions detailed in Winbind HOWTO, but I'm still not
having any luck. It appears as though I've sucessfully added the box to the
domain and winbind seems to be running as I can obtain a listing of
users/groups from my PDC with wbinfo (and getent), but when I try to access
the share I'm getting this error:
[2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
Question #1: Does it make a difference which order i add the machine to the
domain? I've read suggestions where people say you should add it with
smbpasswd, and I've also read that you should add the machine beforehand
from the Windows side. It seems to me like they should both achieve the
same results.
Question #2: When I compiled Samba, I configured it with support for PAM and
Winbind, so shouldn't this be ok? I assume since winbind is working, that I
compiled it with the sufficient includes, but it just seems to be failing
during authentication. (I've made what I thought were the necessary changes
to /etc/pam.d/samba for this to work.)
Here's a copy of my smb.conf for reference.
# Global parameters
[global]
workgroup = PHS
server string = Samba Server
security = domain
encrypt passwords = Yes
password server = phsntpdc
template homedir = /home/%D/%U
log file = /usr/local/samba/var/log.%m
max log size = 50
domain logons = Yes
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = 159.116.5.6
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
netbios name = phslnx007
debug level = 10
[homes]
comment = Home Directories
path = /home/PHS
read only = No
guest ok = Yes
Also, here's my /etc/pam.d/samba.
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so
use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
I've been searching through old messages in the list, trying to find a
solution, but I haven't found anything applicable. If this is a common
error that's been discussed before, I apologize. :)
Thanks,
Andy
More information about the samba
mailing list