[Samba] User authentication to AD200X, need local users?

spike1197 spike1197 at gmail.com
Wed Dec 29 16:26:51 GMT 2004 

I am trying to get user authentication in a 200X AD to have domain
users see the samba shares (RH ES3, samba 3.0.9-1).

I can see the shares, but when I try to access any of the shares, I
get prompted for a username and password and this is what shows up in
the log.winbindd file
-------------------
 [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'robl' does not exist
[2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'ROBL' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'luser-ibmlptp2$' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'luser-ibmlptp2$' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'LUSER-IBMLPTP2$' does not exist
---------------------

robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name.

I can get a listing of the domain users from the linux machine with
the wbinfo command:
-----------------------------
[root at gort samba]# wbinfo -u
TESTER+Administrator
TESTER+Guest
TESTER+SUPPORT_388945a0
TESTER+TEST1$
TESTER+krbtgt
TESTER+pauld
TESTER+robl
TESTER+tester1
TESTER+tester2
TESTER+tester3
TESTER+TEST2$
TESTER+gort$
TESTER+LUSER-IBMLPTP2$
------------------------------

It may be that I have to config another file in pam.d. here is my
pam.d/samba and pam.d/login files (respectively)
--------------------------------
#%PAM-1.0
auth       sufficient   pam_winbind.so
auth       required     pam_unix.so nullok
account    sufficient   pam_winbind.so
account    required     pam_unix.so
session    required     pam_unix.so
password   required     pam_unix.so
----------------------------------
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
---------------------------------------

and smb.conf...
-------------------------------------

[global]
        netbios name = Gort
        server string = Gort
        workgroup = TESTER
        os level = 20
        encrypt passwords = yes
        security = ADS
        password server = test1.tester.randd.com
        realm = TESTER.RANDD.COM

        winbind separator = +
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum groups = yes
        winbind enum users = yes

[space]
        comment = Test Share
        browseable = yes
        writeable = yes
        public = yes
----------------------------------------



any input would be great.
Thanks

More information about the samba mailing list