search for: adsuser

...ssion required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so /var/log/messages is as follows: ........ Sep 28 18:31:09 computer1 sshd(pam_unix)[13565]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=computer2.example.com user=adsuser Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' OK Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' granted access Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' OK Sep 28 18:31:09 computer1 pam_winbind[13565]: user 'adsuser' gr...

...or kerberos MIT, configured smb.conf and krb5.conf. Run net ads join -U administrator and it worked, i can see the machine account in the active directory. From my linux box I can smbclient -U user -L windows2kclient and I get the list of the shares, while if i do from my linuxbox smbclient -U adsuser -L localhost i get this error: [root@fbcsrvsmb01 root]# smbclient -U user -L 192.168.100.10 Password: session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO. When I start winbind I get this error: [2004/02/02 17:51:58, 1] nsswitch/winbindd.c:main(843) winbindd version 3.0.2rc2 started....

Hi I have Samba 3 running on Fedora 4, configured to use pam_winbind to validate user logins against my W2K ADS. Logins are fully functional using names such as adsdomain.adsuser (I have the fullstop character configured as my winbind seperator). This is all working fine. What I would now like to do, is to have a Kerberos ticket from the ADS Kerberos realm issued to the user that has just logged in, without the user having to re-validate themselves using kinit. The id...

...e following tests: smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. wbinfo -u # Shows winbind is doing lookups from ADS johns wbinfo -g # Shows winbind is doing lookups from ADS getent passwd # Shows nsswitch is correct, to resolve ADSusers. johns:x:10000:10000:John Stile:/home/MS/johns:/usr/local/bin/bash getent group # Shows nsswitch is correct, to resolve ADS groups. net ads info # Show AD info LDAP server: 192.168.50.42 LDAP server name: stan Realm: MS.STILEN.COM Bind Path: dc=MS,dc=STILEN,dc=COM...

> -----Original Message----- > > I've tried to use the pam_krb5 module, but as pam modules > validate the user as given, pam_krb5 is trying to match the > password to adsdomain.adsuser@ADSDOMAIN.REALM.... so it fails. > Pam_krb5 can be configured to convert winbind usernames back into principal names, by means of some regexp matching and template filling magic. It it 'underdocumented' - perhaps you even need to grab the source RPM and look there? I can't remem...

...ement to use winbind to allocate UID/GIDs for users but only if they aren't in the non-winbind nsswitch sources. I.e, given smb.conf ; samba 3.0.7 realm = DOMAIN workgroup = DOMAIN log level = 3 idmap:10 winbind:10 idmap gid = 50000-59999 idmap uid = 50000-59999 ADS users: DOMAIN\adsuser1 ; only in ADS, not NIS DOMAIN\adsuser2 ; only in ADS, not NIS DOMAIN\user1 DOMAIN\user2 NIS passwd: user1:*:10001:20000:&:/home/user1:/bin/sh user2:*:10002:20000:&:/home/user2:/bin/sh I want name<->uid loops to return "10001" for user1 and a winbind allocated U...