[Samba] PAM winbind authentication problem NT domain

[Martin Vuille]

> Hi Martin,
> My experience from this is in getting ubuntu workstations to operate in
> the domain environment, also using a samba PDC in a mixed windows/linux
> environment.  It took me a couple weeks to piece everything together,
> was not a trivial task.  I have posted my notes to this list on how I
> configured the ubuntu workstation, so you might find it useful to find
> that and compare against your DMS config.
> The wbinfo and net commands were instrumental in tracking down my
> problems, which mostly ended up being on the PDC itself.  the biggest
> lesson I took away about using winbind on a DMS is that it won't work
> if
> your PDC isn't configured correctly.
> wbinfo with its various switches allow you to convert
> sid/rid/gid/uid/name back and forth and to each other.  I would guess
> that at least one of these conversions will fail if you try them all
> against your valid user.  The other switches might also provide you
> more
> clues.

Hi Bob. Thanks for all your additional helpful advice.

Unfortunately, all the things that you suggest are things that I have
already tried on my own but for brevity did not mention in my posting. I can
map SID and RID <-> UID and GID and name etc. and everything looks kosher
(including challenge/response authentication), with the sole exception of
the plaintext password authentication.

Everything looks OK on the PDC as well. Plus authentication of that and
other users works fine on Windows workstations, and has been working well
for months. I am open to some configuration issue there, but if there is
I can't put my finger on it.

I will look for your notes/postings on the list.

MV