----- Original Message -----
From: David Hoang
To: samba-bugs@samba.org
Sent: Friday, September 20, 2002 4:20 PM
Subject: Winbind-bug
I am using winbind and I notice it's not letting me logon to my unix box
unless i have created a unix-style account with entries in /etc/passwd &
shadow.
I thought winbind was suppose to allow me to logon using my active directory
(w2k)
box. I please correct me if I'm wrong.
I read the docs and did the following: smbd, nmbd, winbind all
running,> also able to to domain user/group
> info. with "wbinfo". However still can't su, telnet to the
linux box with
> my active directory user account.
>
> In /lib
> ------
> /lib/libnss_winbind.so
> /lib/libnss_winbind.so.2
>
> /etc/nsswitch.conf
> ------------------
> passwd: files winbind
> shadow: files
> group: files winbind
>
> Configure PAM with winbind
> ==================> #make nsswitch/pam_winbind.so * In source
tree
> #cp nsswitch/pam_winbind.so /lib/security *chmod 755 pam_winbind.so
>
> -Enable telnet in xinetd.d, xinetd running
>
> -Added /lib/security/pam_winbind.so to /etc/pam.d/login & su
> [root@caribou pam.d]# more su
> #%PAM-1.0
> auth sufficient /lib/security/pam_rootok.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> # Uncomment the following line to implicitly trust users in the
"wheel"
> group.
> #auth sufficient /lib/security/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the
"wheel"
group.> #auth required /lib/security/pam_wheel.so use_uid
> #auth required /lib/security/pam_smb_auth.so
> #auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_xauth.so
> [root@caribou pam.d]# more login
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> The results:
> [root@caribou pam.d]# su - dhoang
> su: user dhoang does not exist
>
> [root@caribou pam.d]# telnet caribou
> Trying 172.16.2.251...
> Connected to caribou.jvb.jpsd.org (172.16.2.251).
> Escape character is '^]'.
>
> caribou (Linux release 2.4.7-10enterprise #1 SMP Thu Sep 6 16:48:20
EDT> 2001) (2)
>
> login: dhoang
> Password for dhoang:
> Login incorrect
Please help shed some light:-) Shouldn't winbind allow me to do this?
Or is it just letting me do things like "smbclient" with my active
directory
logon/passwd info.
Thanks
-------------- next part --------------
HTML attachment scrubbed and removed