[Samba] SUMMARY:Re: User authentication to AD200X, need local users?

spike1197 spike1197 at gmail.com
Wed Dec 29 19:18:58 GMT 2004 

getent passwd gave me local users only.

In my nsswitch.conf file I had

passwd:     winbind compat
shadow:     winbind compat
group:      winbind compat

I changed that to

passwd:   files winbind
shadow:   files
group:      files winbind

and everything is happy.
thanks jht for the brain-jar


On Wed, 29 Dec 2004 08:26:51 -0800, spike1197 <spike1197 at gmail.com> wrote:
> I am trying to get user authentication in a 200X AD to have domain
> users see the samba shares (RH ES3, samba 3.0.9-1).
> 
> I can see the shares, but when I try to access any of the shares, I
> get prompted for a username and password and this is what shows up in
> the log.winbindd file
> -------------------
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'robl' does not exist
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'ROBL' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>  user 'LUSER-IBMLPTP2$' does not exist
> ---------------------
> 
> robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name.
> 
> I can get a listing of the domain users from the linux machine with
> the wbinfo command:
> -----------------------------
> [root at gort samba]# wbinfo -u
> TESTER+Administrator
> TESTER+Guest
> TESTER+SUPPORT_388945a0
> TESTER+TEST1$
> TESTER+krbtgt
> TESTER+pauld
> TESTER+robl
> TESTER+tester1
> TESTER+tester2
> TESTER+tester3
> TESTER+TEST2$
> TESTER+gort$
> TESTER+LUSER-IBMLPTP2$
> ------------------------------
> 
> It may be that I have to config another file in pam.d. here is my
> pam.d/samba and pam.d/login files (respectively)
> --------------------------------
> #%PAM-1.0
> auth       sufficient   pam_winbind.so
> auth       required     pam_unix.so nullok
> account    sufficient   pam_winbind.so
> account    required     pam_unix.so
> session    required     pam_unix.so
> password   required     pam_unix.so
> ----------------------------------
> #%PAM-1.0
> auth       required     pam_securetty.so
> auth       required     pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> account    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
> session    optional     pam_console.so
> ---------------------------------------
> 
> and smb.conf...
> -------------------------------------
> 
> [global]
>        netbios name = Gort
>        server string = Gort
>        workgroup = TESTER
>        os level = 20
>        encrypt passwords = yes
>        security = ADS
>        password server = test1.tester.randd.com
>        realm = TESTER.RANDD.COM
> 
>        winbind separator = +
>        winbind uid = 10000-20000
>        winbind gid = 10000-20000
>        winbind enum groups = yes
>        winbind enum users = yes
> 
> [space]
>        comment = Test Share
>        browseable = yes
>        writeable = yes
>        public = yes
> ----------------------------------------
> 
> any input would be great.
> Thanks
>

More information about the samba mailing list