[Samba] Upgraded to 3.5.8 local users unable to log in AD users can

Taylor, Jonn jonnt at taylortelephone.com
Wed Mar 16 07:00:25 MDT 2011



On 03/15/2011 05:32 PM, Alfanoid wrote:
> Daniel Müller <mueller <at> tropenklinik.de> writes:
>
>> Your system was trying to authenticate with winbind!?
>> Did Winbind run? Is your smb.conf configured to interact with winbind?
>>
>> -----------------------------------------------
>> EDV Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>>
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller <at> tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----------------------------------------------
>>
>> -----Original Message-----
>> From: samba-bounces <at> lists.samba.org [mailto:samba-bounces <at> lists.samba.org]
>> On Behalf Of Alfanoid
>> Sent: Tuesday, 15 March 2011 01:39
>> To: samba <at> lists.samba.org
>> Subject: [Samba] Upgraded to 3.5.8 local users unable to log in AD users can
>>
>> Hi all,
>>
>> Upgraded Samba on RHEL5 from 3.0.33 to 3.5.8 from an rpm. Have an issue
>> where AD
>> users can connect to the linux box but local unix accounts cannot.
>>
>> We are using PAM not kerberos.
>>
>> After much looking and trial and error, I commented out this line in the
>> /etc/pam.d/system-auth file and it works. Why???
>>
>> account     required      pam_unix.so broken_shadow
>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>> #account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
>> account     required      pam_permit.so
>>
>> I'm not really au fait with how the whole authentication works.
>>
>> Thanks!!
>>
> Yes to all of the above.
>
> Upgraded from a working Samba 3.0.33-3.28.el5.
>
> Here is the pertinent smb.conf section
>
>    workgroup = STANWELL
>    password server = dc2dc01.stanwell.com dc1dc01.stanwell.com
>    realm = STANWELL.COM
>    security = ads
>    idmap uid = 16777216-33554431
>    idmap gid = 16777216-33554431
>    template shell = /bin/bash
>    winbind use default domain = true
>    winbind offline logon = false
>
>
>

Change these to:

   winbind use default domain = Yes
   winbind offline logon = No

Some of the syntax changed between 3.0 and 3.5. See
/usr/share/doc/samba3/examples/smb.conf.SerNet-RedHat if you use SerNet
packages or http://wiki.samba.org/index.php/Samba_&_Active_Directory .

Jonn
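
An added example, not part of the thread and not Samba or Linux-PAM code: a simplified Python model of how the quoted account stack is evaluated, showing that `user_unknown` is the only pam_winbind failure the bracketed control lets a local account survive. The module return values are constructed assumptions; what pam_winbind actually returned on the poster's system is not stated in the thread.

```python
# Simplified model of Linux-PAM stack evaluation; numeric jump actions are not modelled.
SHORTHAND = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
}

# The account stack quoted in the post, with the pam_winbind line active.
ACCOUNT_STACK = [
    ("required", "pam_unix.so"),
    ("sufficient", "pam_succeed_if.so"),
    ("[default=bad success=ok user_unknown=ignore]", "pam_winbind.so"),
    ("required", "pam_permit.so"),
]

def parse_control(control):
    """Turn a control field into a {return value: action} table."""
    if control.startswith("["):
        return dict(pair.split("=", 1) for pair in control.strip("[]").split())
    return SHORTHAND[control]

def evaluate(stack, returns):
    """Return the stack's result; `returns` maps module -> return value name."""
    impression, status = None, "success"
    for control, module in stack:
        ret = returns[module]
        actions = parse_control(control)
        action = actions.get(ret, actions["default"])
        if action in ("ok", "done"):
            if impression is None or (impression == "positive" and status == "success"):
                impression, status = "positive", ret
            if impression == "positive" and action == "done":
                break  # stack ends here, later modules are not called
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", ret  # first failure wins
            if action == "die":
                break
        # action "ignore": the result does not contribute to the stack
    return status if impression else "perm_denied"

def local_account(winbind_ret, uid=1000, stack=ACCOUNT_STACK):
    """Constructed scenario: a local unix account that pam_unix accepts."""
    returns = {
        "pam_unix.so": "success",
        "pam_succeed_if.so": "success" if uid < 500 else "auth_err",
        "pam_winbind.so": winbind_ret,
        "pam_permit.so": "success",
    }
    return evaluate(stack, returns)

if __name__ == "__main__":
    for ret in ("user_unknown", "success", "authinfo_unavail"):
        print(f"pam_winbind -> {ret:17} stack -> {local_account(ret)}")
```

Accounts with uid below 500 never reach pam_winbind in this stack, because the `sufficient` pam_succeed_if line ends evaluation first.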

