I am trying to get user authentication in a 200X AD to have domain
users see the samba shares (RH ES3, samba 3.0.9-1).
I can see the shares, but when I try to access any of the shares, I
get prompted for a username and password and this is what shows up in
the log.winbindd file
-------------------
[2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'robl' does not exist
[2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'ROBL' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'luser-ibmlptp2$' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'luser-ibmlptp2$' does not exist
[2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'LUSER-IBMLPTP2$' does not exist
---------------------
robl is the user I'm logged in as and LUSER-IBMLPTP2 is the computer name.
I can get a listing of the domain users from the linux machine with
the wbinfo command:
-----------------------------
[root@gort samba]# wbinfo -u
TESTER+Administrator
TESTER+Guest
TESTER+SUPPORT_388945a0
TESTER+TEST1$
TESTER+krbtgt
TESTER+pauld
TESTER+robl
TESTER+tester1
TESTER+tester2
TESTER+tester3
TESTER+TEST2$
TESTER+gort$
TESTER+LUSER-IBMLPTP2$
------------------------------
It may be that I have to config another file in pam.d. Here are my
pam.d/samba and pam.d/login files (respectively)
--------------------------------
#%PAM-1.0
auth sufficient pam_winbind.so
auth required pam_unix.so nullok
account sufficient pam_winbind.so
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so
----------------------------------
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
---------------------------------------
and smb.conf...
-------------------------------------
[global]
netbios name = Gort
server string = Gort
workgroup = TESTER
os level = 20
encrypt passwords = yes
security = ADS
password server = test1.tester.randd.com
realm = TESTER.RANDD.COM
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
[space]
comment = Test Share
browseable = yes
writeable = yes
public = yes
----------------------------------------
Any input would be great.
Thanks
spike1197
2004-Dec-29 19:19 UTC
[Samba] SUMMARY:Re: User authentication to AD200X, need local users?
getent passwd gave me local users only. In my nsswitch.conf file I had

passwd: winbind compat
shadow: winbind compat
group: winbind compat

I changed that to

passwd: files winbind
shadow: files
group: files winbind

and everything is happy.

thanks jht for the brain-jar

On Wed, 29 Dec 2004 08:26:51 -0800, spike1197 <spike1197@gmail.com> wrote:
> I am trying to get user authentication in a 200X AD to have domain
> users see the samba shares (RH ES3, samba 3.0.9-1).
>
> I can see the shares, but when I try to access any of the shares, I
> get prompted for a username and password and this is what shows up in
> the log.winbindd file
> -------------------
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'robl' does not exist
> [2004/12/29 08:17:37, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'ROBL' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'luser-ibmlptp2$' does not exist
> [2004/12/29 08:17:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
> user 'LUSER-IBMLPTP2$' does not exist
> ---------------------
>
> robl the user I'm logged into and LUSER-IBMLPTP2 is the computer name.
>
> I can get a listing of the domain users from the linux machine with
> the wbinfo command:
> -----------------------------
> [root@gort samba]# wbinfo -u
> TESTER+Administrator
> TESTER+Guest
> TESTER+SUPPORT_388945a0
> TESTER+TEST1$
> TESTER+krbtgt
> TESTER+pauld
> TESTER+robl
> TESTER+tester1
> TESTER+tester2
> TESTER+tester3
> TESTER+TEST2$
> TESTER+gort$
> TESTER+LUSER-IBMLPTP2$
> ------------------------------
>
> It may be that I have to config another file in pam.d. here is my
> pam.d/samba and pam.d/login files (respectively)
> --------------------------------
> #%PAM-1.0
> auth sufficient pam_winbind.so
> auth required pam_unix.so nullok
> account sufficient pam_winbind.so
> account required pam_unix.so
> session required pam_unix.so
> password required pam_unix.so
> ----------------------------------
> #%PAM-1.0
> auth required pam_securetty.so
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> account required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> session optional pam_console.so
> ---------------------------------------
>
> and smb.conf...
> -------------------------------------
>
> [global]
> netbios name = Gort
> server string = Gort
> workgroup = TESTER
> os level = 20
> encrypt passwords = yes
> security = ADS
> password server = test1.tester.randd.com
> realm = TESTER.RANDD.COM
>
> winbind separator = +
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum groups = yes
> winbind enum users = yes
>
> [space]
> comment = Test Share
> browseable = yes
> writeable = yes
> public = yes
> ----------------------------------------
>
> any input would be great.
> Thanks
>
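
The check that resolved this thread, as an added example that is not part of the original posts: `wbinfo -u` queries winbindd directly, while `getent passwd` goes through the NSS lookup configured in nsswitch.conf, so the two views can disagree. The function names and the getent sample lines are constructed for illustration; the two nsswitch.conf variants are the ones quoted in the summary.

```shell
#!/bin/sh
# Added example; function names and getent sample lines are constructed.

# nss_sources DB FILE: print the sources nsswitch.conf lists for DB.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2"
}

# has_source DB SOURCE FILE: succeed if SOURCE is listed for DB.
has_source() {
    for s in $(nss_sources "$1" "$3"); do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# unresolved WBINFO_OUT GETENT_OUT: print accounts that winbindd enumerates
# (wbinfo -u) but that are missing from the NSS view (getent passwd).
unresolved() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next } !($0 in seen)' "$2" "$1"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
# The two nsswitch.conf variants quoted in the summary post.
printf 'passwd: winbind compat\nshadow: winbind compat\ngroup: winbind compat\n' > "$demo/nss.before"
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' > "$demo/nss.after"
# Two names from the thread's wbinfo -u listing; getent lines are constructed.
printf 'TESTER+pauld\nTESTER+robl\n' > "$demo/wbinfo"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo/getent.local"
printf 'root:x:0:0:root:/root:/bin/bash\nTESTER+robl:x:10000:10000::/home/robl:/bin/false\n' > "$demo/getent.mixed"

for f in before after; do
    echo "$f: passwd -> $(nss_sources passwd "$demo/nss.$f")"
done
echo "enumerated by winbindd but absent from NSS (local-only getent):"
unresolved "$demo/wbinfo" "$demo/getent.local"
```

On a live host, pass `unresolved` the saved output of `wbinfo -u` and `getent passwd`; `getent passwd` only enumerates domain accounts when `winbind enum users = yes`, as in the smb.conf above.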