[Samba] Linux as NT Domain member cannot authenticate user logon

Benny benny at tunghingmfy.com
Wed May 7 07:43:53 GMT 2003


Hello everyone,

Been trying hard to get my RH9 running as NT Domain member which keep
failing at the authentication of another XP/2000 users.

I have no problem if I create a unix account and samba account, but I =
need winbindd.

OS: RedHat 9.0
Samba: 2.2.8

smb.conf

1. set Security=3D domain
2. set password server=3D * / or netbios name of my PDC
3.separate domain and username with '+', like DOMAIN+username winbind =
separator =3D +=20
4. use uids from 10000 to 20000 for domain users winbind uid =3D =
10000-20000=20
5. use gids from 10000 to 20000 for domain groups winbind gid =3D =
10000-20000=20
6. allow enumeration of winbind users and groups winbind enum users =3D =
yes winbind enum groups =3D yes=20
7. give winbind users a real shell (only needed if they have telnet =
access) template shell =3D /bin/bash=20

nsswitch.conf

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Had joined the Domain by using smbpasswd -j domain -r PDC -U =
administrator

Tested winbind with "ps -ae |grep winbindd with response like=20
'1670 ?  00:00:00 winbindd'

Used wbinfo -u, wbinfo -g, getent passwd, getent group to make sure it =
get=20
groups and users on the NT Domain, and it shows no problem at all.

Tested with 'wbinfo -a domain+user%password' and get response like =
authentication=20
successful.

Yet, the Samba server keep prompt me for username and password to logon =
and=20
it failed on me every single time.

One thing, I've no idea though is the /etc/pam.d/* changes on 'auth' and =
'account' line as
mentioned on samba documentations. In my RH9 /etc/pam.d/ directories, I =
had like 84=20
files, and I don't know which should I change. Tried to change the file =
'samba', but did
not work either.

Would appreciate if anyone can help.

Benny


More information about the samba mailing list