[Samba] winbind/ windows ad issues FIXED!

Daniel Khan d.khan at ventigo.com
Sun Sep 4 19:57:24 GMT 2005

Hello List,

Daniel Khan wrote:

> When I try to sign on (su) with a windows account the follwoing happens:
> # su dkhan
> su: Authentication service cannot retrieve authentication info.
> (Ignored)

For the archives. I was finally able to solve this problem.

It simply was

1.) a wrong order inside the pams system-auth configuration.

I now have:
# cat /etc/pam.d/system-auth

auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_winbind.so debug use_first_pass

auth       required     pam_deny.so

account    sufficient   pam_winbind.so debug
account    required     pam_unix.so

password   required     pam_cracklib.so retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_winbind.so debug
session    optional     pam_mkhomedir.so

This works fine and even creates the homedir as expected.

2.) a missing smb.conf shell setting for the ad users (which defaulted 
to /bin/false)

I added

template shell= /bin/bash

to smb.conf

Now I'm done!


Daniel Khan

More information about the samba mailing list