[Samba] AD Domain member not authenticating

John Stile john at stilen.com
Wed Dec 1 19:06:27 GMT 2004

I had samba working, then I tried (unsuccessfully) to set up ssh pam auth.
Now users are prompted for a password when accessing shares, but no password
works.  I am using Red Hat AS 3, samba-3.0.9-1, and krb5-1.3.
I forgot to back up the pam file system-auth before modifying things, so I'm not sure if that is the problem.

These commands succeed:
  wbinfo -u
  wbinfo -g
  getent passwd
  getent group
  net ads info
Time is within 2 seconds between 'net time' and 'date'.

Running winbind in interactive mode while trying to connect:
    winbindd -S -i -F -d 8 -Y
The end of the output (as there is a lot) looks like this:
    remove_duplicate_gids: Enter 5 gids
    remove_duplicate_gids: Exit 5 gids
    [ 6411]: gid to sid 10001
    [ 6411]: gid to sid 10066
    [ 6411]: gid to sid 10067
    [ 6411]: gid to sid 10265
    [ 6411]: gid to sid 10274
    read failed on sock 20, pid 6411: EOF
    read failed on sock 19, pid 6411: EOF

   server string = Samba Server
   workgroup = MYREALM
   security = ADS
   username map = /etc/samba/smbusers
   map to guest = Bad User
   password server = *
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   preferred master = no
   local master = no
   domain master = no
   os level = 33
   wins server =
   ldap ssl = no
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   winbind use default domain = Yes
   template primary group = "Domain Users"
   template homedir = /home/%U
   template shell = /bin/bash
   load printers = no
   log level = 1
   syslog = 0
   log file = /var/log/samba/%m.log
   max log size = 0

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

