[Samba] pam_winbind seems unable to return full list of trusted relationship domain members

Lazarus Long lazarus.long at bigfoot.com
Mon Sep 14 07:08:02 MDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lazarus Long wrote:
> Our scenario:
> - Our domain (ABRANTINA) is a Windows 2003R2 AD (RFC2307 enabled)
> - Trusted domain (REDE-LC) is a Windows 2003R2 AD
> - cafs01tst is a Debian "stable" based SAMBA 3.2.5 file server
> 
> Our goal:
> - Serve home and shares for users of both domains ABRANTINA and REDE-LC
> 
> Our implementation:
> (following guidelines from "Samba-3 by Example", and misc info gathered
> from the net)
> - Configured MIT Kerberos with info for both domains
> - Configured PAM to use pam_winbind
> - Configured NSS to use nss_winbind
> - Configured SAMBA to use the ADS security mechanism
> - Joined cafs01tst to ABRANTINA domain
> 
> Our problems:
> - Users from REDE-LC domain are unable to access cafs01tst, being asked
>   for a username/password pair (ABRANTINA users access without problem)
> - "getent passwd" only lists five REDE-LC users (always the same five),
>   while "wbinfo -u" lists all
> - SSH logging on to the system from REDE-LC users fails with
>   "pam_sm_authenticate returning 10" (ABRANTINA users access without
>   problem)

Can anybody be so kind to try to help us out here? Although the SAMBA
documentation states that this works we have been unable to get it right.

Thank you very much,

- --
Lazarus Long
<lazarus (dot) long (at) bigfoot (dot) com>

+--------------------------------------------------------------+
| PGP or GnuPG Key:                                            |
| http://wwwkeys.eu.pgp.net:11371/pks/lookup?search=0x5C1DC205 |
+--------------------------------------------------------------+

Please do not send me attachments in proprietary formats
without request (i.e. Word, PowerPoint or Excel documents),
see <http://www.gnu.org/philosophy/no-word-attachments.html>

Por favor não me envie anexos em formatos proprietários sem que
os tenha pedido (p.e. documentos em Word, PowerPoint ou Excel),
veja <http://www.gnu.org/philosophy/no-word-attachments.pt.html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkquQDIACgkQCXRGvVwdwgUHuACfWW7GnnqcOda1CrMEhp2DVDaH
eX0AoMTbopqYjJjc+yqBa9bHPDPZwcZK
=Lpp5
-----END PGP SIGNATURE-----

More information about the samba mailing list