[Samba] samba 3.5.6 authentication with AD 2008
Tharanga Abeyseela (RGA)
tharanga.abeyseela at rexelga.com.au
Tue Nov 30 21:36:49 MST 2010
Hi guys,
I have installed samba with AD authentication. Ntlm_auth is working without any issue with the domain.
But if I connect using my windows pc, to the samba share, it gives following error.
Wbinfo -u / wbinfo -g giving the correct output. And ntlm_auth also working without any issue.
If I try to connect from my windows PC to the samba share it gives following error.
[2010/12/01 15:25:25.988709, 3] winbindd/winbindd_pam.c:1839(winbindd_dual_pam_auth_crap)
[ 3556]: pam auth crap domain: AXD user: tharanga
[2010/12/01 15:25:25.990456, 4] winbindd/winbindd_dual.c:1525(fork_domain_child)
Finished processing child request 14
[2010/12/01 15:25:53.454154, 4] winbindd/winbindd_dual.c:1517(fork_domain_child)
child daemon request 20
[2010/12/01 15:25:53.454232, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
[ 3556]: list trusted domains
[2010/12/01 15:25:53.454257, 3] winbindd/winbindd_ads.c:1269(trusted_domains)
ads: trusted_domains
[2010/12/01 15:25:53.455409, 4] winbindd/winbindd_dual.c:1525(fork_domain_child)
Finished processing child request 20
Ntlm_auth gives NT_STATUS_OK: Success (0x0)
Iam using samba 3.5.6 latest version.
[global]
workgroup = AXD
realm = AXD.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 4
log file = /var/log/samba/%m
max log size = 50
#winbind separator = +
#client schannel = no
obey pam restrictions = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
#winbind use default domain = yes
auth methods = winbind
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind trusted domains only = no
allow trusted domains = yes
[BMS]
comment = BMS path
path = /pro/psd_apps/
valid users = @RAP\test
writable = yes
inherit acls = yes
inherit permissions = yes
/etc/nssswitch.conf
passwd: compat winbind
shadow: compat
group: compat winbind
/etc/pam.d/samba
auth_required /lib/security/pam_winbind.so
account_required /lib/security/pam_winbind.so
auth required pam_nologin.so
auth include system-auth
account include system-auth
session include system-auth
password include system-auth
I have crearted following files.
cat /etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
cat /etc/pam.d/common-auth
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass
cat /etc/pam.d/common-session
session sufficient pam_winbind.so
session required pam_unix.so
whats missing in my config ?
many thanks,
Tharanga
More information about the samba
mailing list