[Samba] Re: samba with ADS. winbindd ignore for user authentication
Rex Dieter
rdieter at math.unl.edu
Wed Oct 19 17:49:14 GMT 2005
Oliver Neubauer wrote:
> I'm trying to set up samba using ADS for authentication.
>
> I can successfully join the samba machine to the domain. Windows hosts
> can "see" the samba machine.
>
> After successfully joining, doing:
> # wbinfo -u
> shows me ADS-defined users. Same goes for groups.
>
> However, when I try and assign one of those users ownership of a file, I
> get:
>
> # chown user1 /tmp/test
> chown: test1: illegal user name
> even though that user is a valid AD user.
You need to configure pam to use nss_winbind, see
http://us1.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634773
for example, my /etc/pam.d/system-auth contains references to pam_winbind:
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
...
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_winbind.so
...
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
More information about the samba
mailing list