[Samba] Authenticating against linux before windows

Larry Martell larry.martell at gmail.com
Mon Apr 2 23:24:05 GMT 2007

We have a samba server running on linux with winbindd. We want the
linux passwd file to be consulted first, and then if it fails, continue on
to use winbind. I did not set this up, and I've never administrated a
samba server before. I have read the O'Reilly Using Samba book,
and looking at the config files I believe it is set up to get the
desired behavior.

/etc/nsswitch.conf has:

passwd:     files winbind
shadow:     files winbind
group:        files winbind

/etc/pam.d/system-auth has:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_winbind.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so broken_shadow
account     sufficient    /lib/security/pam_localuser.so
account     sufficient    /lib/security/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]
account     required      /lib/security/pam_permit.so

password    requisite     /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password    sufficient    /lib/security/pam_winbind.so use_authtok
password    required      /lib/security/pam_deny.so

session     optional      /lib/security/pam_mkhomedir.so
skel=/etc/skel umask=0022
session     required      /lib/security//pam_limits.so
session     required      /lib/security/pam_unix.so

However, every time a user who exists only on the linux side authenticates I
see a message like this in winbindd.log:

[2007/04/02 17:18:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032)
  user 'XXXX' does not exist

This makes me think that it's authenticating using winbind first.

So my questions are:

1) Am I correct that the log messages I see mean that it's authenticating
    using winbind first?

2) If so, how do I make it use the linux files before winbind?

3) If not, why do I get those messages, and what do that mean?


More information about the samba mailing list