Fwd: [Samba] Winbind: can't log in as domain user

Mike Ely samba at phoenix.k12.or.us
Mon Nov 3 15:59:44 GMT 2003


Ping!

Begin forwarded message:

> From: Mike Ely <mike.ely at phoenix.k12.or.us>
> Date: October 31, 2003 11:06:37 AM PST
> To: "Gerald (Jerry) Carter" <jerry at samba.org>
> Cc: Samba <samba at lists.samba.org>
> Subject: Re: [Samba] Winbind: can't log in as domain user
>
>
> On Oct 31, 2003, at 9:59 AM, Gerald (Jerry) Carter wrote:
>
>> Mike Ely wrote:
>>
>> | Basic problem is that domain users can't successfully log
>> | into the linux box.  I'm trying to set this box up as
>> | an ltsp server authenticating against our existing AD
>>
>> ...
>>
>> |     [libdefaults]
>> |             default_realm = LTSP.FOO.BAR
>> |             dns_lookup_realm = false
>> |             dns_lookup_kdc = true
>>
>> Did you enable the DNS lookup during compile?  If so then you can get
>> rid of the [realms] section below.
> Unfortunately, no.  So I'll have to keep the realms section below I 
> guess.
>>
>> |
>> |     [realms]
>> |             LTSP.FOO.BAR = {
>> ...
>>
> ...
>> How are the users/groups laid out in AD?
> Well, that problem seems to have gone away - I reboot the machine and 
> see all my domain users in the KDM loginwindow.  wbinfo -u confirms 
> this.
>
>> | Now, as root, I can change users to any domain user I want to without
>> | entering a password, using, for example:
>> |     su LTSP+fred
>> | and "whoami" returns the correct value.  However, if I log in as a local
>> | non-root account and try the same thing, or if I attempt to connect
>> | remotely using "ssh -l LTSP+fred" I get a failed password error even
>> | though I'm using a known-good password for that account.  BIG problem #2.
>>
>> Have you set up pam_winbind.so?
> I have it copied to /lib/security/ where all the pam modules are.  Is 
> there more to setting it up than that?
>>
>> | I'm sure there's something simple that needs to be changed and all will
>> | suddenly Just Work.  Once that happens, perhaps someone could answer
>> | this: how do I automatically map the home directory of a domain user to
>> | their AD-defined home directory (//ltsp-fs1/staff/fred <-->
>> | /home/LTSP/fred, for example)?  I want to have no local storage for
>> | domain users on the linux box.
>>
>> See pam_mount.so and smbfs (or patches for the newer cifsvfs).
> Thanks, I'll look that up.
>
> Mike
>

---
[This E-mail scanned for viruses by Declude Virus]
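
The forwarded reply asks whether copying pam_winbind.so into /lib/security/ is all the setup it needs. A PAM module is only consulted by services whose /etc/pam.d configuration names it, so this added example (not code from the thread or from the Samba project) reports which service stacks reference pam_winbind.so; the function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): which PAM services actually name
# pam_winbind.so in a given stack? File names and contents are constructed.

# stack_has_winbind DIR SERVICE TYPE [DEPTH] -> exit 0 if SERVICE's TYPE stack
# references pam_winbind.so, following "@include X" and "include|substack X".
stack_has_winbind() {
    local dir="$1" svc="$2" type="$3" depth="${4:-0}" ltype control rest
    [ -r "$dir/$svc" ] && [ "$depth" -lt 8 ] || return 1
    while read -r ltype control rest; do
        rest=${rest%%#*}                        # drop trailing comments
        case $ltype in ''|'#'*) continue ;; esac
        if [ "$ltype" = "@include" ]; then
            stack_has_winbind "$dir" "$control" "$type" $((depth + 1)) && return 0
            continue
        fi
        [ "${ltype#-}" = "$type" ] || continue  # a leading "-" is allowed on the type
        case $control in include|substack)
            stack_has_winbind "$dir" "${rest%%[[:space:]]*}" "$type" \
                $((depth + 1)) && return 0 ;;
        esac
        case " $control $rest " in
            *[[:space:]/]pam_winbind.so[[:space:]]*) return 0 ;;
        esac
    done < "$dir/$svc"
    return 1
}

# pam_winbind_report DIR -> one line per service: "<svc> auth=yes|no account=yes|no"
pam_winbind_report() {
    local dir="$1" f a c
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        a=no; c=no
        stack_has_winbind "$dir" "${f##*/}" auth && a=yes
        stack_has_winbind "$dir" "${f##*/}" account && c=yes
        echo "${f##*/} auth=$a account=$c"
    done
}

# Constructed sample: the module is installed, but only "login" is wired to it.
make_sample() {
    printf 'auth sufficient pam_rootok.so\nauth required pam_unix.so\n' > "$1/su"
    printf 'auth required pam_unix.so # pam_winbind.so\n' > "$1/sshd"
    printf 'auth sufficient /lib/security/pam_winbind.so\nauth required pam_unix.so\n' > "$1/common-auth"
    printf '@include common-auth\naccount required pam_unix.so\n' > "$1/login"
}

tmp=$(mktemp -d) && make_sample "$tmp" && pam_winbind_report "$tmp"; rm -rf "$tmp"
```

To check a real host, call `pam_winbind_report /etc/pam.d`; a service that shows `auth=no` never hands passwords to winbind, whatever is installed in the module directory.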



