I've found at least part of the problem. PAM was not properly
configured. Apparently I had used a configuration for a previous version
of pam which did not work with my setup..
On 1/22/2010 2:49 PM, Robert Steinmetz AIA wrote:> I have two servers running Samba 2.3.3, one as a Domain Controller one
> as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and
> winbindd using the tdb back end are running on both.
>
> I am don't understand the results. As far as I can tell I have
> everything configured as it should be.
>
> The basic globals for the DC
>
> [global]
> workgroup = ATLANTA
> time server = Yes
> hostname lookups = Yes
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = Yes
> winbind enum groups = Yes
> hide dot files = No
>
>
> The glbals for the Member Server
>
> [global]
> workgroup = ATLANTA
> security = DOMAIN
> password server = 192.168.1.24
> name resolve order = wins bcast hosts
> wins proxy = Yes
> wins server = 192.168.1.24
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> hosts allow = 192.168.1.0/255.255.255.0
>
> getent does not return the names on any domain groups or users.
>
> wbinfo does return the names on domains groups and users.
>
> BUILTIN\administrators
> BUILTIN\users
> ATLANTA\domain users
> ATLANTA\domain guests
> ATLANTA\domain admins
>
> net groupmap list on the DC shows mapping to groups
>
> Backup Operators (S-1-5-32-551) -> backup
> Power Users (S-1-5-32-547) -> atlanta
> Replicators (S-1-5-32-552) -> staff
> Domain Users (S-1-5-21-4166445610-3302986456-3838465043-513) -> samba
> Domain Guests (S-1-5-21-4166445610-3302986456-3838465043-514) -> nogroup
> Administrators (S-1-5-32-544) -> staff
> Account Operators (S-1-5-32-548) -> account
> Users (S-1-5-32-545) -> samba
> Print Operators (S-1-5-32-550) -> print
> Guests (S-1-5-32-546) -> nogroup
> System Operators (S-1-5-32-549) -> operator
> Domain Admins (S-1-5-21-4166445610-3302986456-3838465043-512) -> staff
>
> net groupmap list on the Member Server shows only the builtin in groups
>
> Administrators (S-1-5-32-544) -> BUILTIN\administrators
> Users (S-1-5-32-545) -> BUILTIN\users
>
--
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*