[Samba] ADS Authentication
Christoph Scheeder
christoph.scheeder at scheeder.de
Tue Dec 7 11:48:41 GMT 2004
Hi,
2 points:
1.) use the smb.conf which gives you a working wbinfo.
2.) this sounds like missconfigured pam to me.
-you have to tell pam that winbind is "sufficient" for "auth" and
"account" with the lines
"account sufficient pam_winbind.so" and
"auth sufficient pam_winbind.so"
this drops the need for the local posix-account.
-And for the "auth" modify the line with pam_unix.so to read like
"auth required pam_unix.so use_first_pass nullok"
this gets you rid of the second password-prompt.
hope it helps.
Christoph
Tom Skeren schrieb:
> Jeremy Allison wrote:
>
>> On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
>>
>>
>>> I'm about ready to smash my head through a wall...I could use a few
>>> answers.
>>>
>>> 1. When using security = ads, and completing net ads join, it was my
>>> understanding that samba authenticated username/pword against ads,
>>> and local posix accounts were nolonger needed, is this true?
>>>
>>
>>
>> Yes, so long as you have nsswitch and pam set up correctly. It sounds
>> like you don't.
>>
>>
> Well, I've followed every how to that I can find. I have some
> strangeness. When I log into the unix terminal I have to supply 2 root
> passwords...the posix one and the one for root in ADS (they're
> different)....to login. The same for a user with both posix and ADS
> accounts. Non posix account users cannot login with an ADS account to
> the terminal.
>
> Depending on changes to the smb.conf file I get wild results with
> winbindd. One config gives users and groups with a wbinfo -u/g
> command. Others error out with differing reasons for the errors.
>
> I'm really not sure where the error is...it should be working, but it is
> not.
>
>> Jeremy.
>>
>>
>
More information about the samba
mailing list