Newscrawler
2008-Jan-14 17:52 UTC
[Samba] Authenticating a linux samba client to a win2k domain
Hello crew, I'm having troubles with authenticating a linux samba client to a win2k domain. Without creating local users I want to be able to log on using a user and pass valid only in the windows domain. Somehow I seem to be stuck on the last part: /var/log/samba/log.winbindd [2008/01/14 16:22:12, 0] lib/util_sid.c:string_to_sid(242) string_to_sid: Sid S-0-0 is not in a valid format. [2008/01/14 16:22:12, 0] nsswitch/winbindd_util.c:trustdom_recv(268) Got invalid trustdom response Which results in a bad authentication: /var/log/pam.log Jan 14 16:29:03 sandbox pam_winbind[2632]: pam_winbind: pam_sm_authenticate (flags: 0x0000) Jan 14 16:29:07 sandbox pam_winbind[2632]: Verify user `testuser' Jan 14 16:29:17 sandbox pam_winbind[2632]: request failed: NT_STATUS_IO_TIMEOUT, PAM error was System error (4), NT error was NT_STATUS_IO_TIMEOUT Jan 14 16:29:17 sandbox pam_winbind[2632]: internal module error (retval = 4, user = `testuser') When I login using a WRONG password: /var/log/pam.log Jan 14 16:31:33 sandbox pam_winbind[2675]: pam_winbind: pam_sm_authenticate (flags: 0x0000) Jan 14 16:31:35 sandbox pam_winbind[2675]: Verify user `testuser' Jan 14 16:31:35 sandbox pam_winbind[2675]: request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD Jan 14 16:31:35 sandbox pam_winbind[2675]: user `testuser' denied access (incorrect password or invalid membership) When I login using `wronguser`: /var/log/pam.log Jan 14 17:38:43 sandbox pam_winbind[2928]: pam_winbind: pam_sm_authenticate (flags: 0x0000) Jan 14 17:38:45 sandbox pam_winbind[2928]: Verify user `wronguser' Jan 14 17:38:45 sandbox pam_winbind[2928]: request failed: No such user, PAM error was User not known to the underlying authentication module (10), NT error was NT_STATUS_NO_SUCH_USER Jan 14 17:38:45 sandbox pam_winbind[2928]: user `wronguser' not found I'm very willing to supply more info but I thought posting the entire config upfront is a little too much. I'm using Linux sandbox 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux and Samba Version 3.0.24 Cheers Joost
Jamrock
2008-Jan-17 09:31 UTC
[Samba] Re: Authenticating a linux samba client to a win2k domain
"Newscrawler" <newscrawler@gmail.com> wrote in message news:A82AC4C8-35EF-4EA2-A49F-3365BE01FB0B@gmail.com...> > Hello crew, > > I'm having troubles with authenticating a linux samba client to a > win2k domain. Without creating local users I want to be able to log > on using a user and pass valid only in the windows domain. > > > Cheers > > JoostTake a look at Chapter 7 of Samba by Example. "Adding Domain Member Servers and Clients". It shows a few ways to do this.