Juan Rodriguez
2006-Sep-21 10:34 UTC
[Samba] winbindd + mod_ntlm_winbind, why do we need "net join ..." ?
Hello, I would like to use NTLM authentication on my Apache2 server, and I've found out this link which works very well for me, http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind I'm newbie to samba, and to make this stuff work, I had to execute "net join -S <DC> -U <Admin>", because winbindd complained about "did we join ?"... (all of this can be found on man winbindd). I'm wondering why do you have to exec "net join". Can't winbindd forward all authentication requests to the domain controller without doing "nej join" ? Isn't there other options ? I've checked "Apache2::AuthenNTLM" and this module seems to be able to authenticate NTLM requests without joining the DC. Maybe I am wrong, any explanation about all this would be very useful. I plan to use NTLMv2 and the perl module doesn't do that so that's the reason I would like to work with mod_ntlm_winbind (without "net join") I'm looking forward to your replies. Thanks in advance. -- JFRH
Juan Rodriguez
2006-Sep-21 16:00 UTC
[Samba] Re: winbindd + mod_ntlm_winbind, why do we need "net join ..." ?
On 9/21/06, Juan Rodriguez <juan.fco.rodriguez@gmail.com> wrote:> > Hello, > > I would like to use NTLM authentication on my Apache2 server, and I've > found > out this link which works very well for me, > http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind > > I'm newbie to samba, and to make this stuff work, I had to execute > "net join -S <DC> -U <Admin>", because winbindd complained about > "did we join ?"... (all of this can be found on man winbindd).I've managed to avoid this message using: "net rpc getsid", but then I get the following error when I try to authenticate through mod_auth_winbind: (this is the output of winbindd) ... process_request: request fn AUTH_CRAP [11189]: pam auth crap domain: <mydomain> user: <myuser> is_myname("<mydomain>") returns 0 secrets_fetch failed! get_trust_pw: could not fetch trust account password for domain <mydomain> could not open handle to NETLOGON pipe (error: NT_STATUS_CANT_ACCESS_DOMAIN_INFO) .... -- JFRH