[Samba] Fedora, Samba 3.0 Winbind problem. Pls help.

adslwmmy at tpg.com.au adslwmmy at tpg.com.au
Wed Feb 4 01:47:43 GMT 2004 

I have a Fedora Samba server and want to auth users against windows ad server
using winbind. I can wbinfo -u all users, wbinfo -a any user and get succeded
but whn I try to login via X i get the followin error. I know it is something
simple but I cannot see it. Please help
/etc/pam.d/login
#%PAM-1.0
auth       required	pam_securetty.so
auth 	   sufficient   pam_winbind.so
#auth	   sufficient	pam_unix.so use_first_pass
auth       required	pam_stack.so service=system-auth
auth       required	pam_nologin.so
account	   sufficient	pam_winbind.so
account    required	pam_stack.so service=system-auth
password   required	pam_stack.so service=system-auth
session    required	pam_stack.so service=system-auth
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
session    optional	pam_console.so

/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
#winbind cache time = 15
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash


By the way, I have setup  security = ads in smb.conf

/etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = RSC.CXM
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5

# dns_lookup_realm = false
# dns_lookup_kdc = false

[realms]
 RSC.CXM = {
  kdc = msdcsrv1.rsc.cxm:88
 #admin_server = kerberos.example.com:749
  default_domain = rsc.cxm
 }

[domain_realm]
 .rsc.cxm = RSC.CXM
 rsc.cxm = RSC.CXM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

More information about the samba mailing list