Samba + PAM + Winbind

Recknagel, Andrew Andrew.Recknagel at ProMedica.org
Wed Jan 16 10:47:24 GMT 2002


Hey everybody,

I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) set up as a file
server using Samba (v2.2.2) with authentication going to our WinNT PDC.
I've followed the instructions detailed in Winbind HOWTO, but I'm still not
having any luck.  It appears as though I've successfully added the box to the
domain and winbind seems to be running as I can obtain a listing of
users/groups from my PDC with wbinfo (and getent), but when I try to access
the share I'm getting this error:

[2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
  cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT

Question #1: Does it make a difference which order I add the machine to the
domain?  I've read suggestions where people say you should add it with
smbpasswd, and I've also read that you should add the machine beforehand
from the Windows side.  It seems to me like they should both achieve the
same results.

Question #2: When I compiled Samba, I configured it with support for PAM and
Winbind, so shouldn't this be ok?  I assume since winbind is working, that I
compiled it with the sufficient includes, but it just seems to be failing
during authentication.  (I've made what I thought were the necessary changes
to /etc/pam.d/samba for this to work.)

Here's a copy of my smb.conf for reference.

# Global parameters
[global]
        workgroup = PHS
        server string = Samba Server
        security = domain
        encrypt passwords = Yes
        password server = phsntpdc
        template homedir = /home/%D/%U
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        domain logons = Yes
        preferred master = False
        local master = No
        domain master = False
        dns proxy = No
        wins server = 159.116.5.6
        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash
        netbios name = phslnx007
        debug level = 10


[homes]
        comment = Home Directories
        path = /home/PHS
        read only = No
        guest ok = Yes

Also, here's my /etc/pam.d/samba.

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
account    required     /lib/security/pam_winbind.so

I've been searching through old messages in the list, trying to find a
solution, but I haven't found anything applicable.  If this is a common
error that's been discussed before, I apologize.  :)

Thanks,
Andy
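
An added example, not part of the original post and not Samba's own tooling: a small Python check that parses an smb.conf and flags settings that sit oddly with `security = domain`, run on a constructed sample that mirrors the configuration above. The function names and the three rules are assumptions of this example, and it does not attempt to explain the NT_STATUS_NO_TRUST_SAM_ACCOUNT error.

```python
# Added example; the three rules are this example's own assumptions, not a Samba tool.
# Constructed sample mirroring the relevant lines of the posted smb.conf.
SAMPLE_CONF = """\
[global]
        security = domain
        domain logons = Yes
        debug level = 10

 [homes]
        path = /home/PHS
        guest ok = Yes
"""

TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings smb.conf accepts

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased, space-normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section][" ".join(name.lower().split())] = value.strip()
    return conf

def lint(conf):
    """Return a list of (section, param, message) findings."""
    findings = []
    glob = conf.get("global", {})
    member = glob.get("security", "").lower() == "domain"
    if member and glob.get("domain logons", "no").lower() in TRUE_VALUES:
        findings.append(("global", "domain logons",
                         "logon-server role set on a box that is a domain member"))
    level = glob.get("debug level", glob.get("log level", "0"))
    if level.isdigit() and int(level) >= 10:
        findings.append(("global", "debug level", "troubleshooting verbosity left on"))
    for name, params in conf.items():
        if name != "global" and params.get("guest ok", "no").lower() in TRUE_VALUES:
            findings.append((name, "guest ok", "share accepts connections without a password"))
    return findings

if __name__ == "__main__":
    for section, param, message in lint(parse_smb_conf(SAMPLE_CONF)):
        print(f"[{section}] {param}: {message}")
```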




