[Samba] Authenticating against a Windows 2000 DC?

Mon Jan 6 19:07:01 GMT 2003

Daniel Wittenberg writes:

> I thikn you got problems here the way you have it setup.  Try this for
> your /etc/pam.d/samba:
> #%PAM-1.0
> auth        sufficient    /lib/security/pam_krb5.so debug
> password    required      /lib/security/pam_krb5.so debug use_authtok

Are you sure I should be using krb5 and not winbind?

> Can you do a wbinfo -t?
> How about wbinfo -u and wbinfo -g ?

I tried these commands with all three of these /etc/pam.d/samba files:

===
auth        sufficient    /lib/security/pam_krb5.so debug
password    required      /lib/security/pam_krb5.so debug use_authtok
===

===
auth       sufficient   /lib/security/pam_winbind.so debug
password   required     /lib/security/pam_winbind.so debug use_authtok
===

and my original:

===
account required /lib/security/pam_winbind.so
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
password   required     /lib/security/pam_winbind.so
auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
===

I quit and restart smbd, nmbd and winbindd each time, and each time I
got this exact output from wbinfo:

===
# wbinfo -t
Secret is good
# wbinfo -u
0xc0000022
# wbinfo -g
0xc0000022
===

-- 
Chris Palmer   Systems Programmer   GeneEd