[Samba] Winbind, AD login problem

Kenneth Savoy kensavoy at nbnet.nb.ca
Thu Nov 20 13:39:25 GMT 2003 

I am trying to get about 40 workstations to join a windows server 2003 active directory domain. The network has about 7 domains. It is a fairly large WAN. I can view the domain users with wbinfo, getent shows the users in unix format. When I try to login it asks me for a password but wont accept anything. I have a PDC server and an LDAP server. Does ldap have to be configured on the client end? My smb.conf, nsswitch.conf, /etc/pam.d/login and /etc/pam.d/samba are below. I appreciate any help you can give me.

I start smb daemons in this order
smbd
nmbd
winbindd


<<SMB.CONF>>

[global]
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
workgroup = <mydomain>
security = domain
password server = <MY PRIMARY DOMAIN CONTOLLER SERVER> **There is an LDAP
server but if I put that here I cant list users**


<<NSSWITCH.CONF>>
passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

<</etc/pam.d/samba>>
#%PAM-1.0
auth    required        /lib/security/pam_stack.so service=system-auth
account required        /lib/security/pam_stack.so service=system-auth

<</etc/pam.d/login>>
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_UNIX.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

More information about the samba mailing list