Samba + PAM + Winbind
Josh Konkol
susesambaboy at yahoo.com
Thu Jan 17 05:23:10 GMT 2002
Andrew,
I ran into the same problems myself. I had to run two commands to get around
this problem.
First:
/usr/local/samba/bin/smbpasswd -a -m MACHINENAME$
This creates a local machine account in the smbpasswd file. You will get an
error if it already exists, but don't worry it will created it automatically.
Second.:
/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDCNAME -U administratorname
It will then prompt you for a password and should reply with Joined domain
DOMAIN.
Make sure the machine account doesn't already exist in Server Manager before
doing this. Also, make sure the smbd, nmbd, winbindd daemons are stopped
first.
Let me know how this works out!!
Good Luck,
Josh Konkol
On Wednesday 16 January 2002 12:39, Recknagel, Andrew wrote:
> Hey everybody,
>
> I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) setup as a
> file server using Samba (v2.2.2) with authentication going to our WinNT
> PDC. I've followed the instructions detailed in Winbind HOWTO, but I'm
> still not having any luck. It appears as though I've sucessfully added the
> box to the domain and winbind seems to be running as I can obtain a listing
> of users/groups from my PDC with wbinfo (and getent), but when I try to
> access the share I'm getting this error:
>
> [2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
> cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
>
> Question #1: Does it make a difference which order i add the machine to the
> domain? I've read suggestions where people say you should add it with
> smbpasswd, and I've also read that you should add the machine beforehand
> from the Windows side. It seems to me like they should both achieve the
> same results.
>
> Question #2: When I compiled Samba, I configured it with support for PAM
> and Winbind, so shouldn't this be ok? I assume since winbind is working,
> that I compiled it with the sufficient includes, but it just seems to be
> failing during authentication. (I've made what I thought were the
> necessary changes to /etc/pam.d/samba for this to work.)
>
> Here's a copy of my smb.conf for reference.
>
> # Global parameters
> [global]
> workgroup = PHS
> server string = Samba Server
> security = domain
> encrypt passwords = Yes
> password server = phsntpdc
> template homedir = /home/%D/%U
> log file = /usr/local/samba/var/log.%m
> max log size = 50
> domain logons = Yes
> preferred master = False
> local master = No
> domain master = False
> dns proxy = No
> wins server = 159.116.5.6
> winbind separator = +
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template shell = /bin/bash
> netbios name = phslnx007
> debug level = 10
>
>
> [homes]
> comment = Home Directories
> path = /home/PHS
> read only = No
> guest ok = Yes
>
> Also, here's my /etc/pam.d/samba.
>
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> auth required /lib/security/pam_pwdb.so
> use_first_pass shadow nullok
> account required /lib/security/pam_winbind.so
>
> I've been searching through old messages in the list, trying to find a
> solution, but I haven't found anything applicable. If this is a common
> error that's been discussed before, I apologize. :)
>
> Thanks,
> Andy
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the samba
mailing list