Hi
I'm having problems implementing a domain member server using winbind.
I've setup a test share on the server (BERTHOG) and test user (alex)
on the PDC (RODNEY).
Winbind seems to be running fine:
berthog:/srv$ wbinfo -n alex
S-1-5-21-2502943273-132007109-1129902423-3006 User (1)
But when I try to connect to the share:
berthog:/srv$ smbclient //BERTHOG/shared -U alex
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
The machine log shows this:
[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account
Management for User
: STATEART+alex
[2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting
User STATEART
+alex!
I don't believe any modifications have to be made to the PAM files to
get samba/winbind working?
Any advice would be gratefully recieved!
My smb.conf follows:
[global]
## Browsing/Identification ###
workgroup = stateart
netbios name = BERTHOG
server string = %h server (Samba %v)
wins support = no
wins server = 192.168.2.97
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template primary group = "Domain Users"
winbind separator = +
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host
names
# to IP addresses
name resolve order = wins bcast hosts
#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = domain
; security = share
password server = *
domain master = no
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam guest
obey pam restrictions = yes
; guest account = nobody
invalid users = root
; unix password sync = no
load printers = no
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
############ Misc ############
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#======================= Share Definitions ======================
[shared]
path = /srv/TESTFS/shared
writeable = yes
valid users = alex
create mode = 0660
directory mode = 0770
Emrys Hughes
2006-Apr-09 13:22 UTC
[Samba] Fwd: domain member server authentication problem
I still haven't been able to resolve this problem and have received no response so I re-post.....apologies if this is bad manners. I have tried altering /etc/pam.d/samba so it reads as follows, but still no joy: @include common-auth @include common-account @include common-session account required /lib/security/pam_winbind.so auth required /lib/security/pam_winbind.so Begin forwarded message:> From: Emrys Hughes <emrys@stateart.com.au> > Date: 5 April 2006 8:31:04 PM > To: samba@lists.samba.org > Subject: domain member server authentication problem > > Hi > > I'm having problems implementing a domain member server using > winbind. > > I've setup a test share on the server (BERTHOG) and test user > (alex) on the PDC (RODNEY). > > Winbind seems to be running fine: > > berthog:/srv$ wbinfo -n alex > S-1-5-21-2502943273-132007109-1129902423-3006 User (1) > > But when I try to connect to the share: > > berthog:/srv$ smbclient //BERTHOG/shared -U alex > Password: > session setup failed: NT_STATUS_LOGON_FAILURE > > The machine log shows this: > > [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_account(573) > smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account > Management for User > : STATEART+alex > [2006/04/05 20:14:36, 0] auth/pampass.c:smb_pam_accountcheck(781) > smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting > User STATEART > +alex! > > > I don't believe any modifications have to be made to the PAM files > to get samba/winbind working? > > Any advice would be gratefully recieved! > > > My smb.conf follows: > > > [global] > > ## Browsing/Identification ### > > workgroup = stateart > netbios name = BERTHOG > server string = %h server (Samba %v) > > wins support = no > wins server = 192.168.2.97 > winbind use default domain = yes > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > template primary group = "Domain Users" > winbind separator = + > > # This will prevent nmbd to search for NetBIOS names through DNS. > dns proxy = no > > # What naming service and in what order should we use to resolve > host names > # to IP addresses > name resolve order = wins bcast hosts > > > #### Debugging/Accounting #### > > log file = /var/log/samba/log.%m > max log size = 1000 > ; syslog only = no > syslog = 0 > > # Do something sensible when Samba crashes: mail the admin a backtrace > panic action = /usr/share/samba/panic-action %d > > > ####### Authentication ####### > > security = domain > ; security = share > password server = * > domain master = no > > # You may wish to use password encryption. See the section on > # 'encrypt passwords' in the smb.conf(5) manpage before enabling. > encrypt passwords = true > > # If you are using encrypted passwords, Samba will need to know what > # password database type you are using. > passdb backend = tdbsam guest > > obey pam restrictions = yes > > ; guest account = nobody > invalid users = root > ; unix password sync = no > > load printers = no > > > ######## File sharing ######## > > # Name mangling options > ; preserve case = yes > ; short preserve case = yes > > > ############ Misc ############ > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > > #======================= Share Definitions ======================> > [shared] > path = /srv/TESTFS/shared > writeable = yes > valid users = alex > create mode = 0660 > directory mode = 0770 > > > >