[Samba] Linux as NT Domain member cannot authenticate user logon
Benny
benny at tunghingmfy.com
Wed May 7 07:43:53 GMT 2003
Hello everyone,
Been trying hard to get my RH9 running as NT Domain member which keep
failing at the authentication of another XP/2000 users.
I have no problem if I create a unix account and samba account, but I =
need winbindd.
OS: RedHat 9.0
Samba: 2.2.8
smb.conf
1. set Security=3D domain
2. set password server=3D * / or netbios name of my PDC
3.separate domain and username with '+', like DOMAIN+username winbind =
separator =3D +=20
4. use uids from 10000 to 20000 for domain users winbind uid =3D =
10000-20000=20
5. use gids from 10000 to 20000 for domain groups winbind gid =3D =
10000-20000=20
6. allow enumeration of winbind users and groups winbind enum users =3D =
yes winbind enum groups =3D yes=20
7. give winbind users a real shell (only needed if they have telnet =
access) template shell =3D /bin/bash=20
nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
Had joined the Domain by using smbpasswd -j domain -r PDC -U =
administrator
Tested winbind with "ps -ae |grep winbindd with response like=20
'1670 ? 00:00:00 winbindd'
Used wbinfo -u, wbinfo -g, getent passwd, getent group to make sure it =
get=20
groups and users on the NT Domain, and it shows no problem at all.
Tested with 'wbinfo -a domain+user%password' and get response like =
authentication=20
successful.
Yet, the Samba server keep prompt me for username and password to logon =
and=20
it failed on me every single time.
One thing, I've no idea though is the /etc/pam.d/* changes on 'auth' and =
'account' line as
mentioned on samba documentations. In my RH9 /etc/pam.d/ directories, I =
had like 84=20
files, and I don't know which should I change. Tried to change the file =
'samba', but did
not work either.
Would appreciate if anyone can help.
Benny
More information about the samba
mailing list