[Samba] NT auth with Winbind

bryantac67 at yahoo.com bryantac67 at yahoo.com
Thu Jul 17 19:45:37 GMT 2003

Hi All,
I am trying to get authentication against AD using
Winbind and Samba 3. We use Kerberos 5 as well. I know
that winbind is running properly because when I run
wbinfo -a, I get success messages. The problem seems
to be when I try to play with the pam modules. For
kicks, here is the pam module for sshd:

auth sufficient pam_winbind.so debug
auth sufficient pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
account sufficient pam_winbind.so debug
account required pam_unix2.so
account required pam_nologin.so
password required pam_pwcheck.so
password required pam_unix2.so use_first_pass
session required pam_unix2.so none # trace or debug
session required pam_limits.so

The frustrating thing is that nothing shows up in the
logs. SInce the auth is set to sufficient above, I can
still use the service using my local credentials. This
shows up in the logfiles...it shows the pam_winbind
failing while the pam_unix2 succeeding. But when I try
to use the service with DOMAIN+username, nothing shows
up in the logs. All I get is a permission denied when
I try to use the service.

Also, I don't know if this is related, but when I run
winbindd -d 3 -i I get:
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from
Connection to LDAP Server failed for the 1 try!
LDAP search failed: Invalid credentials
Query was: , (objectclass=sambaGroupMapping)
Unable to open passdb
scanning trusted domain list

I don't know if these problems could be related to the
fact that we are using Krb and the PDC might not be
configured for that???? I am not familiar with the
specifics of everything yet. Any ideas?? Any help is
much appreciated.

Thanks In Advance!

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

More information about the samba mailing list