[Samba] Windows pre-requisites for login with winbind?
rpenny at samba.org
Tue Aug 22 15:01:02 UTC 2017
On Tue, 22 Aug 2017 14:35:59 +0000
"A. James Lewis" <james at fsck.co.uk> wrote:
> I think we're getting confused with the kerberos issue created by my
> errant DNS server... with the original problem, all the commands I
> have sent showing an issue with kerberos were working originally,
> with the config which explicitly defined "kdc =", and are now working
> again, with your new config, now that I have fixed the DNS... but the
> original problem is that I have a very small number of users which
> don't work.... winbind says that they don't exist, while every other
> user works just fine...
> Those 3 users that don't work are the most recent 3 to be added, and
> since I don't have control over the AD, I can't say if there's some
> parameter or group they don't have which stops them from working, but
> I don't think it's a co-incidence that they are not "random" users,
> but only "new" users.
> Obviously since they can log in to windows desktops, winbind
> behaviour must be different to Windows... but surely there has to be
> an AD component to this too.
> The common-auth line you have below is precisely what I have.
Well, yes you probably have, that comes from the libpam-winbind
package, you just need the 'glue' that comes from the libpam-krb5
Now that you are using the 'rid' backend, you do not need to add
anything to AD, so your new users should work.
More information about the samba