[Samba] Winbind / AD
Esler, Joel Contractor
EslerJ at RCERT-S.ARMY.MIL
Thu Feb 20 16:01:45 GMT 2003
AD W2K -- Native mode.
Samba 2.2.5 -- Redhat 8.0
Attempting to authenticate the login with the Domain Controller. I can log
into the Redhat box locally, and browse around the domain with
LinNeighborhood. However, this is what I want.
When a person boots RH 8.0, they get the login prompt. When they type in
their login and password at the inital login I want it to be able to sync
with the Domain Controller to see if A) they are allowed to login to the
domain, B) Password is right, current, C) see if their account is locked...
etc etc...
I am assuming this is done through LDAP and Kerberos authentication with the
Domain Controller, however, I am getting errors. Pasted here is a copy of
the error message I am receiving:
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind separator found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind uid found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind gid found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind enum users found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind enum groups found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter template shell found in service section!
[2003/02/20 04:32:36, 0] param/loadparm.c:lp_do_parameter(2763)
Global parameter winbind use default domain found in service section!
[2003/02/20 04:32:36, 0] nsswitch/winbindd_util.c:winbindd_param_init(326)
winbind uid range missing or invalid
Here is a copy of my smb.conf
workgroup = S-TNOSC
server string =
log file = /var/log/samba/%m.log
max log size = 0
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
winbind use default domain = yes
Please get back to me with any advice.
More information about the samba
mailing list