[Samba] Error accessing NT Member Server through winbindd
George, John
jgeorge at isd.sbcounty.gov
Tue Mar 2 21:50:36 GMT 2004
Hi,
I am attempting to use Samba 3.0.2a on RedHat 9.0 with winbindd to
authenticate accounts in an NT 4.0 domain to a samba member server with the
below configuration:
The samba configuration file is as follows:
[global]
workgroup = Domainname
netbios name = SBX-SMXXXX
server string = Samba Server
interfaces = 170.164.254.4/26
bind interfaces only = Yes
security = DOMAIN
obey pam restrictions = Yes
password server = XXX-PDC XXX-BDC
smb passwd file = /etc/samba/smbdomainname
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
dns proxy = No
wins server = 170.164.34.68
lock directory = /var/cache/samba/domainname
pid directory = /var/log/samba/domainname
socket address = 170.164.254.4/26
idmap uid = 10000-20001
idmap gid = 10000-20001
winbind separator = +
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
include = /etc/samba/conf/shares.conf
[public]
comment = Public Stuff
path = /home/public
read only = No
PAM files configured as follows:
System-auth file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
# The two lines below added for winbindd configuration
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
# Add the below line before any session line - for winbindd
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Login File:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
I made sure that 'smbd' and 'nmbd' were stopped, created the machine account
through NT, and then ran 'net rpc join -w Domainname -s
/etc/samba/configfile.conf -U administrator' and received 'Joined Domain'
message. I then started these services.
Both getent passwd and getent group appear to pull correct information.
However, when I try to access the server, either through server manager, or
\\servername, I receive the below error:
Configuration could not be read from the domain controller, either because
the machine is unavailable, or access has been denied.
chown also returns 'invalid user: Domain+username'
The nscd daemon is stopped.
I have RTFM'ed and have viewed similar issues on this and other newslists.
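
Added example, not part of the original post: a small Python model of how Linux-PAM walks the `auth` stack of the system-auth file quoted above, useful for checking which modules can grant a login on their own. Module outcomes are constructed inputs (no real PAM modules are called), only the required, requisite, sufficient and optional control flags are modelled, and the function names are hypothetical.

```python
# Lines copied from the system-auth file in the post (auth and account only).
SYSTEM_AUTH = """\
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
"""

def parse(text):
    """Return {type: [(control, module_name, [args])]} from PAM config text."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        mtype, control, path, *args = line.split()
        stacks.setdefault(mtype, []).append((control, path.rsplit("/", 1)[-1], args))
    return stacks

def evaluate(stack, results):
    """Walk one stack. results maps module name -> True (success) or False;
    modules missing from results are treated as failing (an assumption)."""
    status = None                              # None = nothing decided yet
    for control, name, _ in stack:
        ok = results.get(name, False)
        if control == "sufficient":
            if ok and status is not False:     # success ends the stack early
                return True
            continue                           # a failed sufficient is ignored
        if control == "optional" and not ok:
            continue
        if ok:
            status = True if status is None else status
        else:
            if control == "requisite":         # fails immediately
                return False
            status = False                     # required: keep going, fail at end
    return status is True

def nullok_modules(stacks):
    """Modules that accept empty passwords because 'nullok' is set."""
    return sorted((t, n) for t, s in stacks.items() for _, n, a in s if "nullok" in a)

if __name__ == "__main__":
    auth = parse(SYSTEM_AUTH)["auth"]
    print("winbind ok :", evaluate(auth, {"pam_env.so": True, "pam_winbind.so": True}))
    print("unix ok    :", evaluate(auth, {"pam_env.so": True, "pam_unix.so": True}))
    print("neither    :", evaluate(auth, {"pam_env.so": True}))
    print("nullok on  :", nullok_modules(parse(SYSTEM_AUTH)))
```
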