[Samba] Setting up 3.0 to authenticate to AD
Norris, Brent
bnorris at Edmonson.k12.ky.us
Thu Jun 19 14:36:10 GMT 2003
Ok I changed my samba entries in pam.d and now I get a login box, but I
still cannot login. Here is what the log file for my machine shows now:
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
Failed to verify incoming ticket!
[2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221)
Username bnorris is invalid on this system
Anyone got any ideas?
> Well, I have the same exact problem as you. I have
> everything setup right so that wbinfo pulls all information
> fine. I can Kerberos too. But, can't login from the network.
> I thought it was PAM, but no for me either. I've posted
> about this a couple of times, to no avail. Hope someone
> answers yours!
>
> -----Original Message-----
> From: Norris, Brent [mailto:bnorris at Edmonson.k12.ky.us]
> Sent: Thursday, June 19, 2003 10:14 AM
> To: Chip Bell
> Subject: RE: [Samba] Setting up 3.0 to authenticate to AD
>
> > Sounds like you set up winbind..did you do pam?
>
> I was under the impression from the documentation that pam
> only needed to be changed if you wanted to be able to use the
> accounts to login as far as telnet, ssh, ftp type stuff. It
> states that winbindd and samba should be working together and
> that they /etc/pam.d/samba didn't need changing. Though mine
> looks like this:
>
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
>
> While the doc's only has the two lines:
>
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
>
> I wasn't attempting to change it though since that is what
> the samba rpm put in there. Perhaps I should change it to
> look like the one in the docs??
>
> Brent
>
> <------ output from testparm ----->
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[public]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group
> membership. Server role: ROLE_DOMAIN_MEMBER Press enter to
> see a dump of your service definitions
>
> # Global parameters
> [global]
> workgroup = STU
> realm = STU.EDMONSON.K12.KY.US
> server string = Linux File Server
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = 10.76.16.50
> winbind separator = +
> winbind use default domain = Yes
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> [public]
> comment = Public Stuff
> path = /home/samba
> write list = bnorris
> guest ok = Yes
>
More information about the samba
mailing list