[Samba] 2.2 authenticate against AD but no corresponding local user

Jeremy C. Reed reed at reedmedia.net
Wed Jul 3 18:41:02 GMT 2002

My pam_ldap works for authenticating against Active Directory.

I want to use Samba 2.2 to allow printing if the user authenticates via
Active Directory even if the user doesn't have a local account.

My problem with logs:

PAM is successful for authenticating via AD.

[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_auth(534)
  smb_pam_auth: PAM: User jdoe Authenticated OK
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_account(555)
  smb_pam_account: PAM: Account Management for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_account(579)
  smb_pam_account: PAM: Account OK for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_setcred(606)
  PAM: Account Management SetCredentials for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_setcred(626)
  smb_pam_setcred: PAM: SetCredentials OK for User: jdoe
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_end(436)
  smb_pam_end: PAM: PAM_END OK.

But then:

[2002/07/03 18:14:53, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user jdoe [HOME] - using guest account

My guest account is nobody.

I did set:
   obey pam restrictions = no
so it would ignore account or session management.

[2002/07/03 18:14:57, 2] passdb/pampass.c:smb_pam_auth(510)
  smb_pam_auth: PAM: Athentication Error for user nobody
[2002/07/03 18:14:57, 2] passdb/pampass.c:smb_pam_error_handler(71)
  smb_pam_error_handler: PAM: Authentication Failure : Authentication failure

(Does it really need to check password for this guest too?)

If I don't allow null passwords, I receive:

[2002/07/03 15:04:32, 4] smbd/password.c:password_ok(602)
  Null passwords not allowed.
[2002/07/03 15:04:32, 2] smbd/service.c:make_connection(328)
  Invalid username/password for jdoe [nobody]

Any suggestions, step-by-step instructions, links, howtos on getting old
2.2 to work with PAM authentication but then no UID (or other info) for
that user?

I understand that it will use a guest account.

In addition, I need the printer (lpr) to have the username (argument 5
or 6) set to the original AD username and not the guest account.


   Jeremy C. Reed
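
Added example, not part of the original post: a Python triage script that parses the two-line smbd log format quoted above and flags users who passed PAM authentication but were then mapped to the guest account because no local user exists. The sample log is constructed from lines in the post; the function names are hypothetical.

```python
import re

# Constructed sample, assembled from the log lines quoted in the post.
SAMPLE_LOG = """\
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_auth(534)
  smb_pam_auth: PAM: User jdoe Authenticated OK
[2002/07/03 18:14:53, 4] passdb/pampass.c:smb_pam_account(579)
  smb_pam_account: PAM: Account OK for User: jdoe
[2002/07/03 18:14:53, 3] smbd/reply.c:reply_sesssetup_and_X(1018)
  No such user jdoe [HOME] - using guest account
[2002/07/03 18:14:57, 2] passdb/pampass.c:smb_pam_auth(510)
  smb_pam_auth: PAM: Athentication Error for user nobody
"""

# Header line: [timestamp, debuglevel] source.c:function(line)
HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+\S+:(\w+)\((\d+)\)$")
AUTH_OK = re.compile(r"PAM: User (\S+) Authenticated OK")
NO_USER = re.compile(r"No such user (\S+) \[[^\]]*\] - using guest account")
# The log itself spells it "Athentication"; accept both spellings.
AUTH_ERR = re.compile(r"PAM: Au?thentication Error for user (\S+)")

def parse_records(text):
    """Yield (timestamp, level, function, message) per header + indented body."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), int(m.group(2)), m.group(3), ""]
        elif current is not None and raw.startswith(" "):
            current[3] = (current[3] + " " + raw.strip()).strip()
    if current:
        yield tuple(current)

def summarize(text):
    """Return (guest_fallbacks, pam_failures).
    guest_fallbacks: (timestamp, user, pam_authenticated_earlier) tuples."""
    authed, fallbacks, failures = set(), [], []
    for ts, _level, _func, msg in parse_records(text):
        if (m := AUTH_OK.search(msg)):
            authed.add(m.group(1))
        elif (m := NO_USER.search(msg)):
            fallbacks.append((ts, m.group(1), m.group(1) in authed))
        elif (m := AUTH_ERR.search(msg)):
            failures.append((ts, m.group(1)))
    return fallbacks, failures

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A fallback entry whose third field is `True` marks the case in the post: the password was accepted by PAM, but smbd had no local account to attach the session to.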

