[Samba] Unified logons with winbind and tdbsam backend

Juha Pietikäinen juha.pietikainen at connet.net
Tue Nov 1 05:54:57 GMT 2005

I am trying to setup unified logons to my VPN users.

My goal is to get rid of chap.secrets file and use winbind to authenticate
against tdbsam password backend located in the PDC (Fedora Core 1) running
with Samba 3.0.21pre1. I have tried with older Samba versions without
success. Using winbind should allow password changes from the Windows XP
Pro (SP2) -client using CTRL+ALT+DEL.

Smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should
(according to Samba3-ByExample). Winbind.so and ntlm_auth-helper is added in
ppp(2.4.3)-configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with given
username (and domain+winbind separator+username) and password combination
but I can't logon from Windows XP client via winbind. Without winbind
(ms-chap-v2) authentication works fine. Wbinfo -t works but wbinfo -u and
wbinfo -g doesn't work.

I receive following error messages with ppp-debug option:
fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried yet with LDAP because I want keep things simple and my
network is small.

Had anybody get this working with a similar configuration?

Juha Pietikäinen 

More information about the samba mailing list