[Samba] Authenticating against Win2003 Server
Greg Trounson
gregt at maths.otago.ac.nz
Mon Jul 18 01:47:13 GMT 2005
Hi,
I'm running a Debian Sarge box that I want to authenticate against a Win
2003 Server. I understand that the old RH way of doing it was to use
pam_smb_auth.so, which was easy to set up but inherently insecure.
So, I've configured pam, winbind and samba, but obviously not quite
correctly. When I try to su to a user with a windows password it fails
and I get the following error in /var/log/auth.log:
pam_winbind[12063]: request failed: No such user, PAM error was 10, NT
error was NT_STATUS_NO_SUCH_USER
This user definitely exists in both /etc/passwd, and in the windows ADS
tree. I can log in as the same user with the unix password, so at least
the pam_unix module is working.
Another clue:
wbinfo -u on its own fails, but it works fine if I run:
wbinfo --set-auth-user=gregt -u and enter a password.
Any ideas?
thanks,
Greg
Extract from /etc/samba/smb.conf
---------------------
workgroup = my.domain.com
realm = MY.DOMAIN.COM
security = DOMAIN
password server = server1 server2
winbind uid = 30000-40000
winbind gid = 30000-40000
template shell = /bin/bash
winbind separator = +
pam.d/common-auth
-----------------
auth sufficient pam_unix.so nullok_secure
auth sufficient /lib/security/pam_winbind.so use_first_pass
/etc/nsswitch.conf
------------------
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Greg
--
To UNSUBSCRIBE, email to debian-user-REQUEST at lists.debian.org with a
subject of "unsubscribe". Trouble? Contact listmaster at lists.debian.org
More information about the samba
mailing list