[Samba] Error accessing NT Member Server through winbindd

George, John jgeorge at isd.sbcounty.gov
Tue Mar 2 21:50:36 GMT 2004


I am attempting to use Samba 3.0.2a on RedHat 9.0 with winbindd to
authenticate accounts in an NT 4.0 domain to a samba member server with the
below configuration:


The samba configuration file is as follows:


        workgroup = Domainname
        netbios name = SBX-SMXXXX
        server string =  Samba Server
        interfaces =
        bind interfaces only = Yes
        security = DOMAIN
        obey pam restrictions = Yes
        password server = XXX-PDC XXX-BDC
        smb passwd file = /etc/samba/smbdomainname
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = No
        dns proxy = No
        wins server =
        lock directory = /var/cache/samba/domainname
        pid directory = /var/log/samba/domainname
        socket address =
        idmap uid = 10000-20001
        idmap gid = 10000-20001
        winbind separator = +

        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0664
        directory mask = 0775
        include = /etc/samba/conf/shares.conf

        comment = Public Stuff
        path = /home/public
        read only = No

PAM files are configured as follows:


System-auth file:


# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
# The two lines below added for winbindd configuration
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
password    required      /lib/security/pam_deny.so
# Add the below line before any session line - for winbindd
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

Login File:


auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_pwdb.so use_first_pass shadow
account    required     /lib/security/pam_winbind.so


I made sure that 'smbd' and 'nmbd' were stopped, created the machine account
through NT, and then ran 'net rpc join -w Domainname -s
/etc/samba/configfile.conf -U administrator' and received 'Joined Domain'
message.  I then started these services.


Both getent passwd and getent group appear to pull correct information.



However, when I try to access the server, either through server manager, or
\\servername, I receive the below error:

Configuration could not be read from the domain controller, either because
the machine is unavailable, or access has been denied.


chown also returns 'invalid user: Domain+username'


The nscd daemon is stopped.


I have RTFM'ed and have viewed similar issues on this and other newslists.
