[Samba] help whith linux client on domain

jmpatagonia jmpatagonia at gmail.com
Wed Jul 1 15:34:12 UTC 2020 

 Hello we have  Samba Version 4.3.11, we are trying to logon linux desktop
clients on domain, we easy can join the client on the domain with net rpc
join -S 10.11.37.3 -U xxxxx it is satisfactory. We don't have kinit server.

Later we install libpam-winbind, winbind ,libnss-winbind and samba on the
client side.

Edit nsswitch.conf  -->
                  passwd:         compat winbind
                  group:          compat winbind
                  shadow:         compat winbind

edit smb.conf -> security = *domain .......*

edit /etc/pam.d/common-auth,/etc/pam.d/common-session,
edit  /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true

Problem:
The problem was when try try logon on desktop login console we use
domain\username and always get error "invalid password please try again"

--> /var/log/auth.log
Jul  1 12:29:10 samba-cliente lightdm: pam_winbind(lightdm:auth): user
'policia\gafranchello' granted access
Jul  1 12:29:10 samba-cliente lightdm: pam_unix(lightdm:account): could not
identify user (from getpwnam(gafranchello))

But if we use a user that it it is still created on the client desktop, and
use the domain password, work

Jul  1 12:31:26 samba-cliente lightdm: pam_winbind(lightdm:auth): getting
password (0x00000000)
Jul  1 12:31:30 samba-cliente lightdm: pam_winbind(lightdm:auth): user
'policia\jmperrote' granted access
Jul  1 12:31:30 samba-cliente lightdm: pam_unix(lightdm-greeter:session):
session closed for user lightdm
Jul  1 12:31:30 samba-cliente lightdm:
pam_kwallet(lightdm-greeter:session): pam_kwallet: pam_sm_close_session
Jul  1 12:31:30 samba-cliente lightdm:
pam_kwallet5(lightdm-greeter:session): pam_kwallet5: pam_sm_close_session
Jul  1 12:31:30 samba-cliente lightdm:
pam_kwallet(lightdm-greeter:setcred): pam_kwallet: pam_sm_setcred
Jul  1 12:31:30 samba-cliente lightdm:
pam_kwallet5(lightdm-greeter:setcred): pam_kwallet5: pam_sm_setcred
Jul  1 12:31:30 samba-cliente lightdm: pam_unix(lightdm:session): session
opened for user jmperrote by (uid=0)
Jul  1 12:31:30 samba-cliente systemd-logind[635]: New session c4 of user
jmperrote.
Jul  1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session):
(null): pam_sm_open_session
Jul  1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session):
pam_kwallet: open_session called without kwallet_key
Jul  1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session):
(null): pam_sm_open_session
Jul  1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session):
pam_kwallet5: open_session called without kwallet5_key

Jul  1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The PKCS#11
component was already initialized
Jul  1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The SSH agent was
already initialized
Jul  1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The Secret
Service was already initialized

Jul  1 12:31:35 samba-cliente polkitd(authority=local): Registered
Authentication Agent for unix-session:c4 (system bus name :1.149
[/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object
path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

Regards.

More information about the samba mailing list