[Samba] Winbind login: has "DOMAIN+user", wants "user"
Sean Lee
sean at erexi.com.tw
Thu Jan 1 08:07:07 GMT 2004
I stopped Samba, rm -rf /var/lib/samba/*tdb, edited the config file
(winbind use default domain = yes), started Samba.
The situation is the same - "DOMAIN+john" can log in, "john" cannot.
"getent passwd" and "getent group" show Windows accounts with the
domain portion, I don't get it - there is very little to configure until
the "getent" step... Is it possible that I misconfigured something else?
[root@redhat9 pam.d]# getent passwd | grep john
DOMAIN+john:x:10004:10000:john:/home/winnt/DOMAIN/john:/bin/bash
[root@redhat9 pam.d]# wbinfo -u
DOMAIN+Administrator
DOMAIN+Guest
DOMAIN+john
...
Jan 1 23:52:50 redhat9 login(pam_unix)[30046]: check pass; user unknown
Jan 1 23:52:50 redhat9 login(pam_unix)[30046]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=
Jan 1 23:52:59 redhat9 pam_winbind[30046]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Jan 1 23:52:59 redhat9 pam_winbind[30046]: internal module error (retval = 4, user = `john'
Jan 1 23:52:59 redhat9 login(pam_unix)[30046]: check pass; user unknown
Jan 1 23:53:01 redhat9 login[30046]: FAILED LOGIN 1 FROM (null) FOR john, Authentication failure
Jan 1 23:53:07 redhat9 pam_winbind[30046]: user 'DOMAIN+john' granted acces
Jan 1 23:53:07 redhat9 pam_winbind[30046]: user 'DOMAIN+john' granted acces
Jan 1 23:53:07 redhat9 login(pam_unix)[30046]: session opened for user DOMAIN+john by (uid=0)
Jan 1 23:53:07 redhat9 -- DOMAIN+john[30046]: LOGIN ON tty1 BY DOMAIN+john
Thanks & Happy New Year
Sean
On Wed, 31 Dec 2003 15:49:09 +0000 (GMT)
John H Terpstra <jht at samba.org> wrote:
> On Wed, 31 Dec 2003, Sean Lee wrote:
>
> > Hello,
> >
> > I'm using RH9 with latest Samba 3.0.x-x
> >
> > I configured winbind as per
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#id2935561
> > I use the default smb.conf with following (from URL above) added to its
> > global section:
> >
> > winbind separator = +
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind enum users = yes
> > winbind enum groups = yes
> > use nss_winbind = yes
> > template homedir = /home/winnt/%D/%U
> > template shell = /bin/bash
>
> Add:
>
> winbind use default domain = Yes
>
> >
> > I cannot login using Active Directory's "username"; instead I must use
> > login "DOMAIN+username" at login prompt as recommended at
> > http://lists.samba.org/archive/samba/2002-June/045313.html, otherwise I
> > get the same error as mentioned at this URL.
> >
> > Why is that? I want to auth SMTP users via winbind so I want to be able
> > to use "user" instead of "DOMAIN+user".
>
> If the above change does not work for you let me know.
>
> PS: For this to work you must:
> 1. Make the change shown
> 2. Stop Samba
> 3. Delete your existing /var/lib/samba/*tdb files
> (could be in /var/cache/samba/*tdb or
> /usr/local/samba/var/(tdb)
> 4. Restart Samba
>
> Make certain that: getent passwd
> shows your accounts without the Domain name portion.
>
> - John T.
> --
> John H Terpstra
> Email: jht at samba.org
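
A check for the two conditions the quoted steps depend on (the option taking effect in [global], and getent output without the domain prefix), as an added example that is not part of the original thread. The function names and the sample smb.conf and passwd lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Sample file contents are constructed.

# Succeeds only if [global] sets "winbind use default domain" to yes/true/1.
# Samba ignores case and spaces in parameter names, so normalize first.
default_domain_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                                # section header
            s = $0; sub(/^[ \t]*\[[ \t]*/, "", s); sub(/[ \t]*\].*$/, "", s)
            sect = tolower(s); next
        }
        sect == "global" && (eq = index($0, "=")) > 0 {
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (name == "winbindusedefaultdomain") last = val  # last wins
        }
        END { exit !(last == "yes" || last == "true" || last == "1") }
    ' "$1"
}

# Reads passwd-format lines on stdin and prints logins that still carry a
# domain prefix (separator after the first character, so a bare "+" is skipped).
prefixed_logins() {
    awk -F: -v sep="$1" 'index($1, sep) > 1 { print $1 }'
}

# Constructed smb.conf fragments: option in [global] vs. under a share,
# where Samba does not apply a global parameter.
global_conf() {
    printf '%s\n' '[global]' '  winbind separator = +' \
        '  Winbind Use Default Domain = Yes'
}
misplaced_conf() {
    printf '%s\n' '[global]' '  winbind separator = +' \
        '[homes]' '  winbind use default domain = yes'
}

# Demo on the constructed data (swap in your smb.conf and `getent passwd`).
tmp=$(mktemp)
for sample in global_conf misplaced_conf; do
    "$sample" > "$tmp"
    if default_domain_enabled "$tmp"; then echo "$sample: enabled"
    else echo "$sample: not enabled in [global]"; fi
done
rm -f "$tmp"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'DOMAIN+john:x:10004:10000:john:/home/winnt/DOMAIN/john:/bin/bash' |
    prefixed_logins +
```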