[Samba] problem authenticating users to Active Directory after Ubuntu 12.04 -> 14.04 upgrade

Rowland Penny rowlandpenny at googlemail.com
Fri Apr 25 11:40:15 MDT 2014 

On 25/04/14 18:26, Geoff Rowland wrote:
>
>
> On 04/25/2014 01:21 PM, Rowland Penny wrote:
>> On 25/04/14 18:12, Geoff Rowland wrote:
>>> I had forgotten I changed my pam files to default...now I changed them
>>> back to what I had before so that winbind shows up before pam_unix -
>>> and here is the output from auth.log:
>>>
>>> Apr 25 13:08:09 mycomputer lightdm: pam_winbind(lightdm:auth): getting
>>> password (0x00000000)
>>> Apr 25 13:08:15 mycomputer lightdm: pam_winbind(lightdm:auth): user
>>> 'growland' granted access
>>> Apr 25 13:08:15 mycomputer lightdm: pam_unix(lightdm:account): could
>>> not identify user (from getpwnam(growland))
>>> Apr 25 13:08:15 mycomputer lightdm: PAM unable to
>>> dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open
>>> shared object file: No such file or directory
>>>
>>> Returns with invalid password (but I know the password is correct)
>>>
>>>
>>> On 04/25/2014 11:41 AM, steve wrote:
>>>> On Fri, 2014-04-25 at 11:27 -0400, Geoff Rowland wrote:
>>>>
>>>>
>>>>> not sure what else to try?
>>>> Look at the log at the time of the login.
>>>>
>>>> Unless 14.04 has changed radically, I'd:
>>>> tail -f /var/log/syslog
>>>>
>>>> Anything?
>>>> HTH
>>>> Steve
>>>>
>>>>
>> sigh, I will try again, does 'getent passwd' show your domain users ???
>>
>> Rowland
>>
> getent passwd does not show my domain users...but it also does not 
> show my domain users on my 12.04 box, which is working fine.
>
> wbinfo -u does show domain users.
>
> net ads testjoin says Join is OK
>
> klist shows ticket expires tomorrow
> (I do seem to have to kinit to get a new ticket every time i reboot 
> the computer though?)
OK, last thing first, put this in smb.conf:

winbind refresh tickets = Yes

Reload your config: smbcontrol all reload-config

Getent needs to show your domain users, do you have winbind in 
/etc/nssswitch.conf :

......
passwd:         compat winbind
group:          compat winbind

Do you have libpam-winbind & libpam-krb5 installed ?

Rowland

More information about the samba mailing list