Wong, G. MR EECS
2004-Sep-09 15:56 UTC
[Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
We're trying to have AD Domain Users authenticate to AD server to login to a Redhat Enterprise Linux AS (3.0) server. Were running samba 3.06 on the Linux box. We're using specifically winbind and pam_winbind for this purpose. I've followed all the instructions in the HOW-TO samba documentation on setting up windbind, kerberos, and pam_winbind. I've successfully logged into the LINUX box with certain AD user credentials but not with others, which are the majority. Here is what I've observed about the 2 sets of user accounts: If sAMAaccountName = UserPrincipalName user can Log in Else can't ( The error message from pam_winbind is: PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER ) Why is this occuring? Do I need to use other programs in conjunction with samba to get this to work and if so are there some instructions to do so? HELP!
Gerald (Jerry) Carter
2004-Sep-09 22:46 UTC
[Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wong, G. MR EECS wrote: | If sAMAaccountName = UserPrincipalName | user can Log in | Else | can't ( The error message from pam_winbind is: PAM | error was 10, NT error was NT_STATUS_NO_SUCH_USER ) | | Why is this occuring? Do I need to use other programs | in conjunction with samba to get this to work and if so | are there some instructions to do so? HELP! Recently fixed for the upcoming 3.0.7 release. Here's the patch. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBQNz9IR7qMdg1EfYRAgdnAJ9raUexgprsxOGp8zc6red+rJPEhQCfQ9oW hAXpVmXSQFCK+QG4JBb1mzo=xxGa -----END PGP SIGNATURE-----
Wong, G. MR EECS
2004-Sep-10 13:57 UTC
[Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
Thanks, that worked beautifully. -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org] Sent: Thursday, September 09, 2004 6:45 PM To: Wong, G. MR EECS Cc: samba@lists.samba.org Subject: Re: [Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wong, G. MR EECS wrote: | If sAMAaccountName = UserPrincipalName | user can Log in | Else | can't ( The error message from pam_winbind is: PAM | error was 10, NT error was NT_STATUS_NO_SUCH_USER ) | | Why is this occuring? Do I need to use other programs | in conjunction with samba to get this to work and if so | are there some instructions to do so? HELP! Recently fixed for the upcoming 3.0.7 release. Here's the patch. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBQNz9IR7qMdg1EfYRAgdnAJ9raUexgprsxOGp8zc6red+rJPEhQCfQ9oW hAXpVmXSQFCK+QG4JBb1mzo=xxGa -----END PGP SIGNATURE-----