Fwd: [Samba] Winbind: can't log in as domain user
Mike Ely
samba at phoenix.k12.or.us
Mon Nov 3 15:59:44 GMT 2003
Ping!
Begin forwarded message:
> From: Mike Ely <mike.ely at phoenix.k12.or.us>
> Date: October 31, 2003 11:06:37 AM PST
> To: "Gerald (Jerry) Carter" <jerry at samba.org>
> Cc: Samba <samba at lists.samba.org>
> Subject: Re: [Samba] Winbind: can't log in as domain user
>
>
> On Oct 31, 2003, at 9:59 AM, Gerald (Jerry) Carter wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Mike Ely wrote:
>>
>> | Basic problem is that domain users can't successfully log
>> | into the linux box. I'm trying to set this box up as
>> | an ltsp server authenticating against our existing AD
>>
>> ...
>>
>> | [libdefaults]
>> | default_realm = LTSP.FOO.BAR
>> | dns_lookup_realm = false
>> | dns_lookup_kdc = true
>>
>> Did you enable the DNS lookup during compile? If so then you can get
>> rid of the [realms] section below.
> Unfortunately, no. So I'll have to keep the realms section below I
> guess.
>>
>> |
>> | [realms]
>> | LTSP.FOO.BAR = {
>> ...
>>
> ...
>> How are the users/groups laid out in AD?
> Well, that problem seems to have gone away - I reboot the machine and
> see all my domain users in the KDM loginwindow. wbinfo -u confirms
> this.
>
>> | Now, as root, I can change users to any domain user I want to
>> without
>> | entering a password, using, for example:
>> | su LTSP+fred
>> | and "whoami" returns the correct value. However, if I log in as a
>> local
>> | non-root account and try the same thing, or if I attempt to connect
>> | remotely using "ssh -l LTSP+fred" I get a failed password error even
>> | though I'm using a known-good password for that account. BIG
>> problem #2.
>>
>> Have you setup pam_winbind.so ?
> I have it copied to /lib/security/ where all the pam modules are. Is
> there more to setting it up than that?
>>
>> | I'm sure there's something simple that needs to be changed and all
>> will
>> | suddenly Just Work. Once that happens, perhaps someone could answer
>> | this: how do I automatically map the home directory of a domain
>> user to
>> | their AD-defined home directory (//ltsp-fs1/staff/fred <-->
>> | /home/LTSP/fred, for example)? I want to have no local storage for
>> | domain users on the linux box.
>>
>> See pam_mount.so and smbfs (or patches for the newer cifsvfs).
> Thanks, I'll look that up.
>
> Mike
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
---
[This E-mail scanned for viruses by Declude Virus]
More information about the samba
mailing list