[Samba] Upgraded to 3.5.8 local users unable to log in AD users can

Alfanoid aford at stanwell.com
Tue Mar 15 16:32:08 MDT 2011


Daniel Müller <mueller <at> tropenklinik.de> writes:

> 
> You system was trying to authenticate with winbind!?
> Did Winbind run is your smb.conf configuration to interact with winbind?
> 
> -----------------------------------------------
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller <at> tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> 
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces <at> lists.samba.org [mailto:samba-bounces <at>
lists.samba.org] Im
> Auftrag von Alfanoid
> Gesendet: Dienstag, 15. März 2011 01:39
> An: samba <at> lists.samba.org
> Betreff: [Samba] Upgraded to 3.5.8 local users unable to log in AD users can
> 
> Hi all,
> 
> Upgraded Samba on RHEL5 from 3.0.33 to 3.5.8 from an rpm. Have an issue
> where AD
> users can connect to the linux box but local unix accounts cannot.
> 
> We are using PAM not kerberos.
> 
> After much looking and trail and error. I commented out this line in the
> /etc/pam.d/system-auth file and it works. Why???
> 
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> #account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
> account     required      pam_permit.so
> 
> I'm not really ofay with how the whole authentication works.
> 
> Thanks!!
> 

Yes to all of the above.

Upgraded from a working Samba 3.0.33-3.28.el5.

Here is the pertinent smb.conf section

   workgroup = STANWELL
   password server = dc2dc01.stanwell.com dc1dc01.stanwell.com
   realm = STANWELL.COM
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false





More information about the samba mailing list