[Samba] Winbind/ads/pam auth

Ross McInnes ross at stvincent.ac.uk
Fri May 20 14:14:18 GMT 2005 

MAGIC!

Thanks sk

Well at the moment its not a problem since im only using one domain and
probably only will be. Maybes heh

On a side note, even though nsswitch.conf has shadow set to files and
winbind any ideas if and why it doesn't show domain users/crypted passwords?

Thanks for your help.

Ross 

-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
Stefanos Karasavvidis
Sent: 20 May 2005 14:46
To: samba at samba.org
Subject: Re: [Samba] Winbind/ads/pam auth

you can setup your samba configuration to have a default Domain so the
usernames as the linux machine sees them, will have only the username part
(without the Domain) and you can work as expected.

Simply put
winbind use default domain = yes
in your smb.conf

There is a catch though. You can't have users with the same username under
different domains

sk

Ross McInnes wrote:
> Hi list
> 
> Got an odd "problem" here.
> 
> But, ive followed the howtos etc getting pam authentication to work 
> etc
> 
> Ive just setup imap, the domain username is "test"
> 
> When I run getent passwd im returned with
> 
> DEV-DOMAIN+test:x:10012:10023:test 
> DEV-DOMAIN+test:/home/DEV-DOMAIN/test:/bin/false
> 
> When I logon onto the windows 2k3 AD as test, it all logs on, sees the 
> Home drive on the samba server (authenticates etc) but when I setup 
> imap it wont let me logon.
> 
> dev1 imapd[11078]: Login failed user=test auth=test 
> host=[172.16.2.252]
> dev1 imapd[11079]: Login failed user=test auth=test 
> host=[172.16.2.252]
> dev1 imapd[11083]: Login failed user=test auth=test 
> host=[172.16.2.252]
> 
> But when I change the user name on the mail client to what getent 
> password sees (i.e DEV-DOMAIN+test)
> 
> dev1 pam_winbind[11077]: user 'DEV-DOMAIN+test' granted access
> dev1 imapd[11077]: Login user=DEV-DOMAIN+test host=[172.16.2.252]
> 
> It works!
> 
> Why wont it accept just "test" since I cannot expect my users to put 
> in
> AD+username
> 
> Any thoughts/ideas/magical faq page ive over looked??
> 
> Cheers
> 
> Ross
> 

--
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : sk at isc.tuc.gr

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: (+30) 28210 37352, 37355 (central), 37766 (ENV.ENG. buildings)
Fax:  (+30) 28210 37571
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list