[Samba] Q: winbindd and samba with "use default domain"

Ben Kim bkim at coe.tamu.edu
Tue Jan 13 21:35:51 GMT 2004 

Dear list,

I am trying to use winbind as the authentication mechanism for the Unix
servers. I have this final roadblock, and would appreciate to get some
help.

In a test on a Linux box, everything works greatly, telnet, ftp, pop3,
ssh. However, ironically, it broke samba. I suspect that the problem might
be that I use "use default domain = yes" option.

It is because we want to make everything transparent to users. (For
example, use existing pop account setting.)

At the moment, 
	smbclient -L mySambaServer -U myDomain\\myUser
seems to work. However, I cannot use the share from Windows side. 

net use y: \\mySambaServer\myShare /user:myDomain\myUser gives me (after
password): (/user:myUser gives the same.)

"System error 86 has occurred. The specified network password is not
correct."

I'm using the following options in smb.conf
==========================
[global]
   security = domain
   encrypt password = yes
   password server = *
   winbind use default domain = yes
   obey pam restrictions = yes

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
========================

Here's /etc/pam.d/samba config.
========================
auth       required     pam_nologin.so
auth       required pam_winbind.so
auth       required     pam_stack.so service=system-auth
account    required pam_winbind.so
account    required     pam_stack.so service=system-auth
session    sufficient pam_winbind.so
session    required     pam_stack.so service=system-auth
password   sufficient pam_winbind.so
password   required     pam_stack.so service=system-auth

If possible I'd like to run samba server with "security=server and encrypt
password=no" option while running winbind (for other services) with the
above options, but I failed to make it work. This did not work.

winbindd -s configFile1
smb -s configFile2

The problem seems again to be the winbind separator thing.

I'd like to ask, if anyone uses winbind for logon unification, are you
using it with the winbind separator? is it possible to do away with the
separator and satisfy samba as well?



Regards,
Ben

More information about the samba mailing list