[Samba] Using WINBIND and the latest samba 3

Gabriel Matthews gabriel at cinergycom.com
Tue Sep 30 14:01:19 GMT 2003

I've been tooling with this for a while, and I need some help... please!!

Here's what I'm trying to do.  I want a samba server to work with winbind,
so that when I type 'getent passwd' it shows a list of local users, as
well as my domain user list.  I want a user to be able to ssh into the
machine using their NT 4 domain username, like domain\username.  That's
pretty much it.

Here's what I have done thus far to accomplish this, to no avail.  I have
Redhat 9.  I have installed samba 3.0 from the .rpm file from samba's
site.. I have edited the .conf file to look like it does at the bottom of
this email.  I have put /etc/init.d/smb and winbind in the /rc.3/ folder
so that they will start up automatically on reboot.  I have edited
nsswitch.conf to look like it does at the bottom of this email.  I have
even gone so far as to edit the passwd file in /etc/pam.d/ to look like it
does in the Samba HOWTO's instructions on Winbind, included at the bottom.
I can type 'wbinfo -u' and it shows me the full-on list of all users.  I
can join the domain with 'net rpc join -S PDC -U admin%passwd' and receive
a 'joined domain successfully' response.  Everything that I do seems to be
working fine, except for some reason my machine is not looking to winbind
for its authentication.  In the HOWTO, it says that after you join the
domain, and can type 'wbinfo -u(g)' and receive proper results, then you
should be able to type 'getent passwd' and get proper results as well.
But at that point I am coming to a stop.

Is there something I'm missing perhaps?  Was the RPM file for redhat 9
compiled excluding some special option that I need to accomplish this
task?  If so, I can certainly compile it from source, but I need to know
what option to include so I can know what results to expect.  Or perhaps
just some step in the configuration that I'm missing?  I'm working on a
deadline here and I need to get this working soon, so any help anyone can
offer me would be greatly appreciated.. Thanks again!

--Reference Material:

Location of HOWTO I am referring to:

Contents of /etc/samba/smb.conf:
        workgroup = DOMAIN
        server string = FRODO
        security = SERVER
        password server = LUKE
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server =
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 30000-40000

Contents of /etc/nsswitch.conf:
(note:  There are other lines in this file, but I have left them default,
the passwd and group lines are the only ones I have edited)
passwd:     files winbind
shadow:     files
group:      files winbind

Contents of /etc/pam.d/passwd and /etc/pam.d/login
[root at frodo samba]# cat /etc/pam.d/passwd
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
[root at frodo samba]# cat /etc/pam.d/login
auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_UNIX.so use_first_pass
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

Gabriel Matthews
Network Support
Cinergy Communications

"No.  I am your father."
  -Darth Vader, leader, devoted parent,
     and friend to all.

More information about the samba mailing list