[Samba] domain member server authentication problem

Emrys Hughes emrys at stateart.com.au
Wed Apr 5 10:31:04 GMT 2006


Hi

I'm having problems  implementing a domain member server using winbind.

I've set up a test share on the server (BERTHOG) and a test user (alex)
on the PDC (RODNEY).

Winbind seems to be running fine:

berthog:/srv$ wbinfo -n alex
S-1-5-21-2502943273-132007109-1129902423-3006 User (1)

But when I try to connect to the share:

berthog:/srv$ smbclient //BERTHOG/shared -U alex
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

The machine log shows this:

[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573)
   smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: STATEART+alex
[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781)
   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User STATEART+alex!


I don't believe any modifications have to be made to the PAM files to  
get samba/winbind working?

Any advice would be gratefully received!


My smb.conf follows:


[global]
# Global settings for BERTHOG, configured as a member server of the
# "stateart" domain (security = domain) with domain accounts mapped to
# Unix ids by winbind.

## Browsing/Identification ###

    workgroup = stateart
    netbios name = BERTHOG
    server string = %h server (Samba %v)

# Use the WINS server at 192.168.2.97 as a client; do not act as a WINS
# server ourselves.
    wins support = no
    wins server = 192.168.2.97
# User names given without a domain part (e.g. "alex") are treated as
# members of this server's own domain.
    winbind use default domain = yes
# Range of Unix uids/gids that winbind may hand out to domain users and groups.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
# Allow domain users and groups to be enumerated through winbind.
    winbind enum users = yes
    winbind enum groups = yes
# NOTE(review): confirm this parameter is recognised by the installed Samba
# version; testparm reports unknown parameters.
    template primary group = "Domain Users"
# Character placed between domain and user name; this is why the log lines
# quoted in this post name the user as STATEART+alex.
    winbind separator = +

# This prevents nmbd from looking up NetBIOS names through DNS.
    dns proxy = no

# NOTE(review): the bare "names" line below is a mail-wrap artifact of the
# comment before it; in a live smb.conf it has to be rejoined to that comment.
# What naming service and in what order should we use to resolve host  
names
# to IP addresses
    name resolve order = wins bcast hosts


#### Debugging/Accounting ####

# One log file per connecting machine (%m); max log size is in kilobytes.
    log file = /var/log/samba/log.%m
    max log size = 1000
;   syslog only = no
    syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
    panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Domain security: logons are validated by a domain controller, so this host
# must hold a machine account in the domain.
    security = domain
;   security = share
# "*" lets Samba locate a domain controller itself instead of using a fixed list.
    password server = *
    domain master = no

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
    encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
# NOTE(review): two backends are listed here; whether more than one backend is
# accepted depends on the Samba version - confirm.
    passdb backend = tdbsam guest

# With this enabled Samba applies PAM account and session management to every
# SMB logon, domain users included. The smb_pam_account and
# smb_pam_accountcheck rejections quoted in this post are produced by that
# check, so the PAM configuration of the Samba service must be able to
# validate winbind users.
# NOTE(review): presumably an "account" entry for pam_winbind is missing -
# confirm against the PAM service file on this host. Error 9 looks like
# PAM_AUTHINFO_UNAVAIL on Linux-PAM - confirm for this platform.
# Setting this to "no" (the default) skips the check, but any PAM-based
# account restrictions then no longer apply to SMB logons.
    obey pam restrictions = yes

;   guest account = nobody
# root is never allowed to log on over SMB.
    invalid users = root
;   unix password sync = no

    load printers = no


######## File sharing ########

# Name mangling options
;   preserve case = yes
;   short preserve case = yes


############ Misc ############

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


#======================= Share Definitions =======================

[shared]
# Test share exported from /srv/TESTFS/shared.
    path = /srv/TESTFS/shared
    writeable = yes
# Only this account may connect to the share.
# NOTE(review): presumably resolved as STATEART+alex because
# "winbind use default domain = yes" is set in [global] - confirm.
    valid users = alex
# Permission masks for newly created files and directories; both leave no
# access for "other".
    create mode = 0660
    directory mode = 0770





