[Samba] problem authenticating users to Active Directory after Ubuntu 12.04 -> 14.04 upgrade
Geoff Rowland
growland at heavyhammer.com
Fri Apr 25 11:55:55 MDT 2014
On 04/25/2014 01:40 PM, Rowland Penny wrote:
> On 25/04/14 18:26, Geoff Rowland wrote:
>>
>> On 04/25/2014 01:21 PM, Rowland Penny wrote:
>>> On 25/04/14 18:12, Geoff Rowland wrote:
>>>> I had forgotten I changed my pam files to default...now I changed them
>>>> back to what I had before so that winbind shows up before pam_unix -
>>>> and here is the output from auth.log:
>>>>
>>>> Apr 25 13:08:09 mycomputer lightdm: pam_winbind(lightdm:auth): getting
>>>> password (0x00000000)
>>>> Apr 25 13:08:15 mycomputer lightdm: pam_winbind(lightdm:auth): user
>>>> 'growland' granted access
>>>> Apr 25 13:08:15 mycomputer lightdm: pam_unix(lightdm:account): could
>>>> not identify user (from getpwnam(growland))
>>>> Apr 25 13:08:15 mycomputer lightdm: PAM unable to
>>>> dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open
>>>> shared object file: No such file or directory
>>>>
>>>> Returns with invalid password (but I know the password is correct)
>>>>
>>>>
>>>> On 04/25/2014 11:41 AM, steve wrote:
>>>>> On Fri, 2014-04-25 at 11:27 -0400, Geoff Rowland wrote:
>>>>>
>>>>>
>>>>>> not sure what else to try?
>>>>> Look at the log at the time of the login.
>>>>>
>>>>> Unless 14.04 has changed radically, I'd:
>>>>> tail -f /var/log/syslog
>>>>>
>>>>> Anything?
>>>>> HTH
>>>>> Steve
>>>>>
>>>>>
>>> sigh, I will try again, does 'getent passwd' show your domain users ???
>>>
>>> Rowland
>>>
>> getent passwd does not show my domain users...but it also does not
>> show my domain users on my 12.04 box, which is working fine.
>>
>> wbinfo -u does show domain users.
>>
>> net ads testjoin says Join is OK
>>
>> klist shows ticket expires tomorrow
>> (I do seem to have to kinit to get a new ticket every time i reboot
>> the computer though?)
> OK, last thing first, put this in smb.conf:
>
> winbind refresh tickets = Yes
>
> Reload your config: smbcontrol all reload-config
>
> Getent needs to show your domain users, do you have winbind in
> /etc/nssswitch.conf :
>
> ......
> passwd: compat winbind
> group: compat winbind
>
> Do you have libpam-winbind & libpam-krb5 installed ?
>
> Rowland
>
yes, I have libpam-winbind + libpam-krb5 installed, as well as winbind
in /etc/nsswitch.conf.
I added the entry to smb.conf and performed the command (restarted the
services as well, just to be sure), however I still have the same issue.
More information about the samba
mailing list