[Samba] Re: samba with ADS. winbindd ignore for user authentication

Rex Dieter rdieter at math.unl.edu
Wed Oct 19 17:49:14 GMT 2005

Oliver Neubauer wrote:

> I'm trying to set up samba using ADS for authentication.
> I can successfully join the samba machine to the domain. Windows hosts 
> can "see" the samba machine.
> After successfully joining, doing:
> # wbinfo -u
> shows me ADS-defined users. Same goes for groups.
> However, when I try and assign one of those users ownership of a file, I 
> get:
> # chown user1 /tmp/test
> chown: test1: illegal user name
> even though that user is a valid AD user.

You need to configure pam to use nss_winbind, see
for example, my /etc/pam.d/system-auth contains references to pam_winbind:

auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
account     [default=bad success=ok user_unknown=ignore] 
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok

More information about the samba mailing list