[Samba] Fw: Winbind-bug Redhat 7.2

David Hoang dhoang at sito.saic.com
Fri Sep 20 20:52:01 GMT 2002 

----- Original Message ----- 
From: David Hoang 
To: samba-bugs at samba.org 
Sent: Friday, September 20, 2002 4:20 PM
Subject: Winbind-bug


I am using winbind and I notice it's not letting me logon to my unix box
unless i have created a unix-style account with entries in /etc/passwd & shadow.
I thought winbind was suppose to allow me to logon using my active directory (w2k)
box.  I please correct me if I'm wrong.

I read the docs and did the following:  smbd, nmbd, winbind all running,
> also able to to domain user/group
> info. with "wbinfo".  However still can't su, telnet to the linux box with
> my active directory user account.
>
> In /lib
> ------
> /lib/libnss_winbind.so
> /lib/libnss_winbind.so.2
>
> /etc/nsswitch.conf
> ------------------
> passwd:     files winbind
> shadow:     files 
> group:      files winbind
>
> Configure PAM with winbind
> ===================
> #make nsswitch/pam_winbind.so           * In source tree
> #cp nsswitch/pam_winbind.so /lib/security    *chmod 755 pam_winbind.so
>
> -Enable telnet in xinetd.d, xinetd running
>
> -Added /lib/security/pam_winbind.so to /etc/pam.d/login & su
> [root at caribou pam.d]# more su
> #%PAM-1.0
> auth       sufficient   /lib/security/pam_rootok.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       sufficient   /lib/security/pam_unix.so use_first_pass
> # Uncomment the following line to implicitly trust users in the "wheel"
> group.
> #auth       sufficient   /lib/security/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel"
group.
> #auth       required     /lib/security/pam_wheel.so use_uid
> #auth       required     /lib/security/pam_smb_auth.so
> #auth       required    /lib/security/pam_stack.so service=system-auth
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_xauth.so
> [root at caribou pam.d]# more login
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       sufficient   /lib/security/pam_unix.so use_first_pass
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    sufficient   /lib/security/pam_winbind.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
>
> The results:
> [root at caribou pam.d]# su - dhoang
> su: user dhoang does not exist
>
> [root at caribou pam.d]# telnet caribou
> Trying 172.16.2.251...
> Connected to caribou.jvb.jpsd.org (172.16.2.251).
> Escape character is '^]'.
>
>     caribou (Linux release 2.4.7-10enterprise #1 SMP Thu Sep 6 16:48:20
EDT
> 2001) (2)
>
> login: dhoang
> Password for dhoang:
> Login incorrect

Please help shed some light:-)  Shouldn't winbind allow me to do this?
Or is it just letting me do things like "smbclient" with my active directory
logon/passwd info.

Thanks
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba mailing list