[Samba] samba 3.5.6 authentication with AD 2008

Tharanga Abeyseela (RGA) tharanga.abeyseela at rexelga.com.au
Tue Nov 30 21:36:49 MST 2010 

Hi guys,

I have installed samba with AD authentication. Ntlm_auth is working without any issue with the domain.
But if I connect using my windows pc, to the samba share, it gives following error.

Wbinfo -u  / wbinfo -g giving the correct output. And ntlm_auth also working without any issue.

If I try to connect from my windows PC to the samba share it gives following error.

[2010/12/01 15:25:25.988709,  3] winbindd/winbindd_pam.c:1839(winbindd_dual_pam_auth_crap)
  [ 3556]: pam auth crap domain: AXD user: tharanga
[2010/12/01 15:25:25.990456,  4] winbindd/winbindd_dual.c:1525(fork_domain_child)
  Finished processing child request 14
[2010/12/01 15:25:53.454154,  4] winbindd/winbindd_dual.c:1517(fork_domain_child)
  child daemon request 20
[2010/12/01 15:25:53.454232,  3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
  [ 3556]: list trusted domains
[2010/12/01 15:25:53.454257,  3] winbindd/winbindd_ads.c:1269(trusted_domains)
  ads: trusted_domains
[2010/12/01 15:25:53.455409,  4] winbindd/winbindd_dual.c:1525(fork_domain_child)
  Finished processing child request 20

Ntlm_auth gives NT_STATUS_OK: Success (0x0)

Iam using samba 3.5.6 latest version.

[global]
workgroup = AXD
realm = AXD.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 4
log file = /var/log/samba/%m
max log size = 50
#winbind separator = +
#client schannel = no
obey pam restrictions = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
#winbind use default domain = yes
auth methods = winbind
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind trusted domains only = no
allow trusted domains = yes

[BMS]
comment = BMS path
path = /pro/psd_apps/
valid users = @RAP\test
writable = yes
inherit acls = yes
inherit permissions = yes

/etc/nssswitch.conf
passwd:     compat winbind
shadow:     compat
group:      compat winbind

/etc/pam.d/samba

auth_required /lib/security/pam_winbind.so
account_required  /lib/security/pam_winbind.so

auth       required     pam_nologin.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
password   include      system-auth

I have crearted  following files.


cat /etc/pam.d/common-account
account sufficient      pam_winbind.so
account required        pam_unix.so

cat /etc/pam.d/common-auth
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so use_first_pass

 cat /etc/pam.d/common-session
session sufficient      pam_winbind.so
session required        pam_unix.so



whats missing in my config ?

many thanks,
Tharanga

More information about the samba mailing list