Juha Pietikäinen
2005-Oct-31 12:02 UTC
[Samba] Unified logons with winbind and tdbsam backend
I am trying to set up unified logons for my VPN users. My goal is to get rid of the chap.secrets file and use winbind to authenticate against the tdbsam password backend located on the PDC (Fedora Core 1) running Samba 3.0.21pre1. I have tried with older Samba versions without success. Using winbind should allow password changes from the Windows XP Pro client using CTRL+ALT+DEL.

smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should be (according to Samba3-ByExample). winbind.so and ntlm_auth-helper are added in the ppp (2.4.3) configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with the given username (and domain+winbind separator+username) and password combination, but I can't log on from the Windows XP client via winbind. Without winbind (ms-chap-v2) authentication works fine. wbinfo -t works but wbinfo -u and wbinfo -g don't work.

I receive the following error messages with the ppp debug option:

utils/ntlm_auth.c:manage_squid_request(1592) fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried with LDAP yet because I want to keep things simple and my network is small. Has anybody gotten this working with a similar configuration?
Juha Pietikäinen
2005-Nov-01 05:55 UTC
[Samba] Unified logons with winbind and tdbsam backend
I am trying to set up unified logons for my VPN users. My goal is to get rid of the chap.secrets file and use winbind to authenticate against the tdbsam password backend located on the PDC (Fedora Core 1) running Samba 3.0.21pre1. I have tried with older Samba versions without success. Using winbind should allow password changes from the Windows XP Pro (SP2) client using CTRL+ALT+DEL.

smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should be (according to Samba3-ByExample). winbind.so and ntlm_auth-helper are added in the ppp (2.4.3) configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with the given username (and domain+winbind separator+username) and password combination, but I can't log on from the Windows XP client via winbind. Without winbind (ms-chap-v2) authentication works fine. wbinfo -t works but wbinfo -u and wbinfo -g don't work.

I receive the following error messages with the ppp debug option:

utils/ntlm_auth.c:manage_squid_request(1592) fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried with LDAP yet because I want to keep things simple and my network is small. Has anybody gotten this working with a similar configuration?

Juha Pietikäinen
Juha Pietikäinen
2005-Nov-08 12:03 UTC
[Samba] Unified logons with winbind and tdbsam backend
I am trying to set up unified logons for my VPN (L2TP/IPsec) users. My goal is to get rid of the chap.secrets file and use winbind to authenticate against the tdbsam password backend located on the PDC (Fedora Core 1) running Samba 3.0.21pre1. I have also tried with older Samba versions without success. Using winbind should allow password changes from the Windows XP Pro (SP2) client using CTRL+ALT+DEL.

smb.conf, nsswitch.conf and pam.d/system-auth are configured as they should be (according to Samba3-ByExample). winbind.so and ntlm_auth-helper are added in the ppp (2.4.3) configuration file.

Testing with ntlm_auth and wbinfo -a from the server both succeed with the given username (and domain+winbind separator+username) and password combination, but I can't log on from the Windows XP client using winbind. Without winbind (ms-chap-v2) authentication works fine. wbinfo -t works but wbinfo -u and wbinfo -g don't work.

I receive the following error messages with the ppp debug option:

utils/ntlm_auth.c:manage_squid_request(1592) fgets() failed! dying..... errno=1 (Operation not permitted)
Peer DOMAIN\\user failed CHAP authentication

I haven't tried with LDAP yet because I want to keep things simple and my network is small. Has anybody gotten this working with a similar configuration?

Juha Pietikäinen