[Samba]
SUMMARY:Re: User authentication to AD200X, need local users?
spike1197
spike1197 at gmail.com
Wed Dec 29 19:18:58 GMT 2004
getent passwd gave me local users only.
In my nsswitch.conf file I had
passwd: winbind compat
shadow: winbind compat
group: winbind compat
I changed that to
passwd: files winbind
shadow: files
group: files winbind
and everything is happy.
thanks jht for the brain-jar
On Wed, 29 Dec 2004 08:26:51 -0800, spike1197 <spike1197 at gmail.com> wrote:
> I am trying to get user authentication in a 200X AD to have domain
> users see the samba shares (RH ES3, samba 3.0.9-1).
>
> I can see the shares, but when I try to access any of the shares, I
> get prompted for a username and password and this is what shows up in
> the log.winbindd file
> -------------------
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'robl' does not exist
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'ROBL' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'LUSER-IBMLPTP2$' does not exist
> ---------------------
>
> robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name.
>
> I can get a listing of the domain users from the linux machine with
> the wbinfo command:
> -----------------------------
> [root at gort samba]# wbinfo -u
> TESTER+Administrator
> TESTER+Guest
> TESTER+SUPPORT_388945a0
> TESTER+TEST1$
> TESTER+krbtgt
> TESTER+pauld
> TESTER+robl
> TESTER+tester1
> TESTER+tester2
> TESTER+tester3
> TESTER+TEST2$
> TESTER+gort$
> TESTER+LUSER-IBMLPTP2$
> ------------------------------
>
> It may be that I have to config another file in pam.d. here is my
> pam.d/samba and pam.d/login files (respectively)
> --------------------------------
> #%PAM-1.0
> auth sufficient pam_winbind.so
> auth required pam_unix.so nullok
> account sufficient pam_winbind.so
> account required pam_unix.so
> session required pam_unix.so
> password required pam_unix.so
> ----------------------------------
> #%PAM-1.0
> auth required pam_securetty.so
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> account required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> ---------------------------------------
>
> and smb.conf...
> -------------------------------------
>
> [global]
> netbios name = Gort
> server string = Gort
> workgroup = TESTER
> os level = 20
> encrypt passwords = yes
> security = ADS
> password server = test1.tester.randd.com
> realm = TESTER.RANDD.COM
>
> winbind separator = +
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum groups = yes
> winbind enum users = yes
>
> [space]
> comment = Test Share
> browseable = yes
> writeable = yes
> public = yes
> ----------------------------------------
>
> any input would be great.
> Thanks
>
More information about the samba
mailing list