[Samba] Re: samba with ADS. winbindd ignore for user
oliver at netfirms.com
Thu Oct 20 17:45:02 GMT 2005
Thanks Rex, that was helpful. However, I have now run into something
else. From the smb.conf documentation:
obey pam restrictions (G)
Note that Samba always ignores PAM for authentication in the case of
encrypt passwords = yes. The reason is that PAM modules cannot support
the challenge/response authentication mechanism needed in the presence
of SMB password encryption.
So, if I have to use encrypted passwords, and I can't use nsswitch
(apparently not working in FreeBSD 4.x), and PAM is ignored....am I out
Say it ain't so.
Rex Dieter wrote:
> Oliver Neubauer wrote:
>> I'm trying to set up samba using ADS for authentication.
>> I can successfully join the samba machine to the domain. Windows hosts
>> can "see" the samba machine.
>> After successfully joining, doing:
>> # wbinfo -u
>> shows me ADS-defined users. Same goes for groups.
>> However, when I try and assign one of those users ownership of a file,
>> I get:
>> # chown user1 /tmp/test
>> chown: test1: illegal user name
>> even though that user is a valid AD user.
> You need to configure pam to use nss_winbind, see
> for example, my /etc/pam.d/system-auth contains references to pam_winbind:
> auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
> account [default=bad success=ok user_unknown=ignore]
> password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
5160 Yonge St.
Toronto, ON, CA
More information about the samba