[Samba] Winbind/ads/pam auth

Stefanos Karasavvidis sk at isc.tuc.gr
Fri May 20 13:46:06 GMT 2005

you can setup your samba configuration to have a default Domain so the 
usernames as the linux machine sees them, will have only the username 
part (without the Domain) and you can work as expected.

Simply put
winbind use default domain = yes
in your smb.conf

There is a catch though. You can't have users with the same username 
under different domains


Ross McInnes wrote:
> Hi list
> Got an odd "problem" here.
> But, ive followed the howtos etc getting pam authentication to work etc
> Ive just setup imap, the domain username is "test"
> When I run getent passwd im returned with 
> DEV-DOMAIN+test:x:10012:10023:test test:/home/DEV-DOMAIN/test:/bin/false
> When I logon onto the windows 2k3 AD as test, it all logs on, sees the Home
> drive on the samba server (authenticates etc) but when I setup imap it wont
> let me logon.
> dev1 imapd[11078]: Login failed user=test auth=test host=[]
> dev1 imapd[11079]: Login failed user=test auth=test host=[]
> dev1 imapd[11083]: Login failed user=test auth=test host=[]
> But when I change the user name on the mail client to what getent password
> sees (i.e DEV-DOMAIN+test)
> dev1 pam_winbind[11077]: user 'DEV-DOMAIN+test' granted access
> dev1 imapd[11077]: Login user=DEV-DOMAIN+test host=[]
> It works!
> Why wont it accept just "test" since I cannot expect my users to put in
> AD+username
> Any thoughts/ideas/magical faq page ive over looked??
> Cheers
> Ross

Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: (+30) 28210 37352, 37355 (central), 37766 (ENV.ENG. buildings)
Fax:  (+30) 28210 37571

More information about the samba mailing list