[Samba] ADS Authentication
christoph.scheeder at scheeder.de
Tue Dec 7 11:48:41 GMT 2004
1.) use the smb.conf which gives you a working wbinfo.
2.) this sounds like missconfigured pam to me.
-you have to tell pam that winbind is "sufficient" for "auth" and
"account" with the lines
"account sufficient pam_winbind.so" and
"auth sufficient pam_winbind.so"
this drops the need for the local posix-account.
-And for the "auth" modify the line with pam_unix.so to read like
"auth required pam_unix.so use_first_pass nullok"
this gets you rid of the second password-prompt.
hope it helps.
Tom Skeren schrieb:
> Jeremy Allison wrote:
>> On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
>>> I'm about ready to smash my head through a wall...I could use a few
>>> 1. When using security = ads, and completing net ads join, it was my
>>> understanding that samba authenticated username/pword against ads,
>>> and local posix accounts were nolonger needed, is this true?
>> Yes, so long as you have nsswitch and pam set up correctly. It sounds
>> like you don't.
> Well, I've followed every how to that I can find. I have some
> strangeness. When I log into the unix terminal I have to supply 2 root
> passwords...the posix one and the one for root in ADS (they're
> different)....to login. The same for a user with both posix and ADS
> accounts. Non posix account users cannot login with an ADS account to
> the terminal.
> Depending on changes to the smb.conf file I get wild results with
> winbindd. One config gives users and groups with a wbinfo -u/g
> command. Others error out with differing reasons for the errors.
> I'm really not sure where the error is...it should be working, but it is
More information about the samba