Hello, we have Samba version 4.3.11 and we are trying to log on Linux desktop
clients to the domain. We can easily join the client to the domain with net rpc
join -S 10.11.37.3 -U xxxxx; that works satisfactorily. We don't have a kinit server.
Later we installed libpam-winbind, winbind, libnss-winbind and samba on the
client side.
Edit nsswitch.conf -->
passwd: compat winbind
group: compat winbind
shadow: compat winbind
Edit smb.conf -> security = *domain .......*
Edit /etc/pam.d/common-auth, /etc/pam.d/common-session,
Edit /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
Problem:
The problem is that when we try to log on at the desktop login console we use
domain\username and always get the error "invalid password please try
again"
--> /var/log/auth.log
Jul 1 12:29:10 samba-cliente lightdm: pam_winbind(lightdm:auth): user 'policia\gafranchello' granted access
Jul 1 12:29:10 samba-cliente lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(gafranchello))
But if we use a user that is still created on the client desktop, and
use the domain password, it works:
Jul 1 12:31:26 samba-cliente lightdm: pam_winbind(lightdm:auth): getting password (0x00000000)
Jul 1 12:31:30 samba-cliente lightdm: pam_winbind(lightdm:auth): user 'policia\jmperrote' granted access
Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm-greeter:session): pam_kwallet: pam_sm_close_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm-greeter:session): pam_kwallet5: pam_sm_close_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm-greeter:setcred): pam_kwallet: pam_sm_setcred
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm-greeter:setcred): pam_kwallet5: pam_sm_setcred
Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm:session): session opened for user jmperrote by (uid=0)
Jul 1 12:31:30 samba-cliente systemd-logind[635]: New session c4 of user jmperrote.
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session): (null): pam_sm_open_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session): pam_kwallet: open_session called without kwallet_key
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session): (null): pam_sm_open_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session): pam_kwallet5: open_session called without kwallet5_key
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The PKCS#11 component was already initialized
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The SSH agent was already initialized
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The Secret Service was already initialized
Jul 1 12:31:35 samba-cliente polkitd(authority=local): Registered Authentication Agent for unix-session:c4 (system bus name :1.149 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Regards.
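
The auth.log excerpt above pairs a pam_winbind "granted access" entry with a pam_unix "could not identify user (from getpwnam(...))" entry for the same login. As an added example (not part of the original post), this Python script finds that pairing in an auth.log; the function name, the 5-second window and the placeholder year are assumptions, and the sample lines are constructed from the post's log with the wrapping removed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries from the post's auth.log, unwrapped to one per line.
SAMPLE_LOG = r"""
Jul 1 12:29:10 samba-cliente lightdm: pam_winbind(lightdm:auth): user 'policia\gafranchello' granted access
Jul 1 12:29:10 samba-cliente lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(gafranchello))
Jul 1 12:31:30 samba-cliente lightdm: pam_winbind(lightdm:auth): user 'policia\jmperrote' granted access
Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm:session): session opened for user jmperrote by (uid=0)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) \S+: (pam_\w+)\((\S+?):(\w+)\): (.*)$")
GRANTED = re.compile(r"user '(?:([^'\\]+)\\)?([^']+)' granted access")
NO_USER = re.compile(r"could not identify user \(from getpwnam\(([^)]+)\)\)")

def find_unresolved_logins(text, window=timedelta(seconds=5)):
    """Logins pam_winbind accepted whose pam_unix account lookup then failed."""
    granted, findings = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a PAM module line (e.g. systemd-logind, polkitd)
        stamp, host, module, service, phase, msg = m.groups()
        # syslog omits the year; 2000 is an assumed placeholder used only for time deltas
        when = datetime.strptime("2000 " + " ".join(stamp.split()), "%Y %b %d %H:%M:%S")
        if module == "pam_winbind" and phase == "auth":
            g = GRANTED.search(msg)
            if g:
                granted.append((when, host, service, g.group(1), g.group(2)))
        elif module == "pam_unix" and phase == "account":
            n = NO_USER.search(msg)
            if not n:
                continue
            # match on host, PAM service and the user name without its domain prefix
            for g_when, g_host, g_service, domain, user in granted:
                same = (g_host, g_service, user.lower()) == (host, service, n.group(1).lower())
                if same and timedelta(0) <= when - g_when <= window:
                    findings.append({"time": stamp, "host": host, "service": service,
                                     "domain": domain, "user": user})
    return findings

if __name__ == "__main__":
    for f in find_unresolved_logins(SAMPLE_LOG):
        print("{time} {host} {service}: {domain}\\{user} authenticated by pam_winbind "
              "but not resolvable via getpwnam".format(**f))
```

On the sample it reports only policia\gafranchello; the jmperrote login, which the post says also exists as a local user, is not flagged.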