[Samba] Winbind login: has "DOMAIN+user", wants "user"

Tim Jordan timothy_jordan at labor.state.ak.us
Fri Jan 2 16:52:15 GMT 2004


Try stopping all the related services: smbd, nmbd, winbindd then wait a
minute and restart them.  Try your getent passwd and see where you
stand.

Tim
On Wed, 2003-12-31 at 23:07, Sean Lee wrote:

> I stopped Samba, rm -rf /var/lib/samba/*tdb, edited the config file
> (winbind use default domain = yes), started Samba. 
> The situation is the same - "DOMAIN+john" can login, "john" cannot.
> "getent passwd" and "getent group" show Windows accounts with the
> domain portion, I don't get it - there is very little to configure until
> the "getent" step... Is it possible that I misconfigured something else?
> 
> [root@redhat9 pam.d]# getent passwd | grep john
> DOMAIN+john:x:10004:10000:john:/home/winnt/DOMAIN/john:/bin/bash
> [root@redhat9 pam.d]# wbinfo -u
> DOMAIN+Administrator
> DOMAIN+Guest
> DOMAIN+john
> ...
> 
> Jan  1 23:52:50 redhat9 login(pam_unix)[30046]: check pass; user unknown
> Jan  1 23:52:50 redhat9 login(pam_unix)[30046]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=
> Jan  1 23:52:59 redhat9 pam_winbind[30046]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
> Jan  1 23:52:59 redhat9 pam_winbind[30046]: internal module error (retval = 4, user = `john'
> Jan  1 23:52:59 redhat9 login(pam_unix)[30046]: check pass; user unknown
> Jan  1 23:53:01 redhat9 login[30046]: FAILED LOGIN 1 FROM (null) FOR john, Authentication failure
> Jan  1 23:53:07 redhat9 pam_winbind[30046]: user 'DOMAIN+john' granted acces
> Jan  1 23:53:07 redhat9 pam_winbind[30046]: user 'DOMAIN+john' granted acces
> Jan  1 23:53:07 redhat9 login(pam_unix)[30046]: session opened for user DOMAIN+john by (uid=0)
> Jan  1 23:53:07 redhat9  -- DOMAIN+john[30046]: LOGIN ON tty1 BY DOMAIN+john
> 
> Thanks & Happy New Year
> Sean
> 
> 
> On Wed, 31 Dec 2003 15:49:09 +0000 (GMT)
> John H Terpstra <jht at samba.org> wrote:
> 
> > On Wed, 31 Dec 2003, Sean Lee wrote:
> > 
> > > Hello,
> > >
> > > I'm using RH9 with latest Samba 3.0.x-x
> > >
> > > I configured winbind as per
> > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#id2935561
> > > I use the default smb.conf with following (from URL above) added to its
> > > global section:
> > >
> > > winbind separator = +
> > > idmap uid = 10000-20000
> > > idmap gid = 10000-20000
> > > winbind enum users = yes
> > > winbind enum groups = yes
> > > use nss_winbind = yes
> > > template homedir = /home/winnt/%D/%U
> > > template shell = /bin/bash
> > 
> > Add:
> > 
> > winbind use default domain = Yes
> > 
> > >
> > > I cannot login using Active Directory's "username"; instead I must use
> > > login "DOMAIN+username" at login prompt as recommended at
> > > http://lists.samba.org/archive/samba/2002-June/045313.html, otherwise I
> > > get the same error as mentioned at this URL.
> > >
> > > Why is that? I want to auth SMTP users via winbind so I want to be able
> > > to use "user" instead of "DOMAIN+user".
> > 
> > If the above change does not work for you let me know.
> > 
> > PS: For this to work you must:
> > 	1. Make the change shown
> > 	2. Stop Samba
> > 	3. Delete your existing /var/lib/samba/*tdb files
> > 		(could be in /var/cache/samba/*tdb or
> > 			/usr/local/samba/var/(tdb)
> > 	4. Restart Samba
> > 
> > Make certain that: getent passwd
> > shows your accounts without the Domain name portion.
> > 
> > - John T.
> > -- 
> > John H Terpstra
> > Email: jht at samba.org
> 
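
The check John asks for in his last step, covering the state Sean reports (setting enabled, `getent passwd` still showing `DOMAIN+john`), as an added example that is not part of the thread or of Samba's own tooling. The function names and the sample files are constructed for illustration; on a real host you would pass your smb.conf and a file made with `getent passwd > file`.

```sh
#!/bin/sh
# Added example (not from the thread). Sample files below are constructed.

# global_param FILE NAME: print the value of NAME from the [global] section.
# smb.conf parameter names are case-insensitive and ignore embedded spaces.
global_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { sect = norm($0); next }     # section header
        sect == "[global]" && (eq = index($0, "=")) {
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == norm(want)) found = val
        }
        END { if (found != "") print found }' "$1"
}

# qualified_users SEP: read passwd-format lines on stdin and print the login
# names that still contain the winbind separator (DOMAIN<sep>user).
qualified_users() {
    WB_SEP="$1" awk -F: 'index($1, ENVIRON["WB_SEP"]) > 1 { print $1 }'
}

# check_default_domain SMB_CONF PASSWD_DUMP
# 0 = setting on and names unqualified; 1 = setting off or missing;
# 2 = setting on but names still carry the domain portion.
check_default_domain() {
    sep=$(global_param "$1" "winbind separator")
    [ -n "$sep" ] || sep='\'                        # Samba default separator
    val=$(global_param "$1" "winbind use default domain" | tr 'A-Z' 'a-z')
    case "$val" in
        yes|true|1) ;;
        *) echo "winbind use default domain is not enabled"; return 1 ;;
    esac
    left=$(qualified_users "$sep" < "$2")
    [ -z "$left" ] && { echo "OK: names are unqualified"; return 0; }
    echo "setting is on, but still qualified: $left"
    return 2
}

# Constructed sample: the smb.conf lines and getent output quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' '[global]' 'winbind separator = +' \
    'winbind use default domain = Yes' > "$demo/smb.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'DOMAIN+john:x:10004:10000:john:/home/winnt/DOMAIN/john:/bin/bash' \
    > "$demo/passwd"
check_default_domain "$demo/smb.conf" "$demo/passwd" || echo "status $?"
```
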

