[Samba] Samba 3.0.0 + ADS authentication and login

Robert Sprockeels robert.sprockeels at boat.be
Tue Sep 30 14:44:36 GMT 2003


Hi list,

At a customer site, we have a number of Linux workstations (Mandrake 9.1)
with samba 2.2.7a installed running in an NT domain. We use winbindd to do
user authentication against the domain server via pam_winbind. When
logging in a first time, we create the local user's home directory with
pam_mkhomedir. We mount the user's network ressources with pam_mount. This
all works very fine.

The organization is now migrating from NT to ADS, and we have to provide
the same behaviour as before.

I installed samba 3.0.0 stable on a test workstation, and configured it as
per HOWTO. I was able to successfully join the machine into the ADS
domain. The "net ads group" and "net ads user" commands work fine.

Logging in as a domain user against the domain server succeeds, but
winbindd does not provide the local uid/gid. The next pam modules (login
and kde3) report "User not known to the underlying authentication module",
so login fails.

In the documentation there is no detailed howto for configuring winbindd
so that it authenticates with LDAP/Kerberos and creates the local idmap
uid and gid for the user. A minimum configuration example would be nice
here. I guess that once this step is OK, the next step of creating the
local user's directory structure with pam_mkhomedir would work like
before...

Can anyone help me with this?

Robert





More information about the samba mailing list