similar to: winbind flaky authentication..

Hi, I have reported this(and seen similar problems by others) before. I took the plunge today and trace into the source to see what happened. The result seems to be that winbind(or the nsswitch part) would never work in a PDC/BDC situation, only for other trusted domain(probably). Below is my analysis. I have setup nsswitch.conf and pam.d/login properly so libnss_winbind and pam_winbind are

Hello all, I am having an issue that I need help with and have been searching the web high and low for a solution. It involvs using winbind to authenticate Linux systems against a 2003 Active Directiry domain with a one-way trust. Here is the lay out. Domain "ABC" is the resource domain where the servers are located. Domain "XYZ" is the domain that the primary user accounts

Hi I have the following question: Joining Win200x as ADS/DOMAIN, I see no problems for windows users to get authenticated even if they don't have local accounts. However, with the same samba (3.06) joining NT4 SP6 domain I see that only users that also have entry in /etc/passwd are been authenticated. I followed winbindd traces and saw that there is no problem communicating with

Was: RE: [Samba] samba 3.0 and freebsd 5.1 Hi Aaron, I deinstalled the 3.0.1 port and got the source tarball for 3.0.2a and installed from there. I also swapped out 3.0.1 for 3.0.2 on the domain controller when I discovered the second problem. I can now use smbclient to log into a file share on the member server, giving an " smb: \> " prompt but doing ls gives an error of:

I'm exeperiencing a strange ntlm_auth problem: I'm running two domain with a trust; the trusting one, (EUFEMIA with the PDC Beatrice) uses the WINS facility of the trusted one (LETTERE, PDC Alice). Users of EUFEMIA and LETTERE alike have a successful logon to Beatrice. LETTERE users do authenticate in Beatrice with ntlm_auth. EUFEMIA users do not: beatrice:/home# ntlm_auth --username

Hello @ll, I'm having the following problem on a RHEL 3 Update 3, with the latest official release packages for RHEL 3. samba-common-3.0.9-1.3E.13.2 samba-3.0.9-1.3E.13.2 When changing the ip adress in /etc/krb5.conf to use the W2003 domain controller for kerberos authentication instead of the current W2000 it becomes impossible the login to this server using ssh. The command "$getent

Ive got a problem with pam_winbind not authenticating, were using an AD 2003 domain. wbinfo works with correct password # wbinfo -a=AD03+richard.batty%password plaintext password authentication succeeded challenge/response password authentication succeeded with wrong password # wbinfo -a=AD03+richard.batty%password1 plaintext password authentication failed error code was

> -----Original Message----- > From: David Brodbeck [mailto:DavidB@mail.interclean.com] > I upgraded one of our systems from 2.2.8a to 3.0.6. > Authentication via > winbindd is not working. "wbinfo -t" gives a good result, and 'getent > passwd' and 'getent group' work fine. But when I try to > access the server, > I'm prompted for a

Hi, I have winbind joined to a Win2003 AD domain with rid idmap backend. Almost everything's working. wbinfo -u and -g work fine, as does getent passwd and getent group. I can also getent by ID number. The only thing I can't do is getent by name, which is preventing logins: root@services2:/etc/pam.d# net ads testjoin Join is OK root@services2:/etc/pam.d# getent passwd | grep david.croft

Ive recently installed three servers with RHEL5u5. After some messing on the original, I got samba working with ADS authentication. I then went and got it working so that users could log in using their domain name & password to the box. I got this working with both no restriction, and ADS group restriction. I have left it on no restriction wheil I get these systems up and running. I then

Samba version is 3.0.10 on Gentoo linux. I am trying to use idmap_rid backend in a Windows AD environment, the Linux PC acting only as a domain member. I am using idmap_rid because I need UID/GID predictability. I can log in to console correctly, and it shows the right user and the "Domain Users" as the group. When I use default winbind TDB, I can browse the home directory from an XP

As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function is using the form <FQDN-domain><winbind-seperator><username>, and before, it was simply <NetBIOS-domain><winbind-seperator><username>. The net effect of what I'm seeing is that users which have a UNIX account locally on the samba box and also a domain account are being

Hi I have a problem with an interdomain trust where on the PDC for DomainA, everything works perfectly. getent returns local and DomainB usernames. On the PDC for DomainB, it's DomainB works fine, but getent only returns local usernames and groups, it doesn't return the usernames or groups for DomainA. wbinfo -u and wbinfo -g work fine and return all DomainA's usernames and groups.

Using samba-3.0.10-1.4E.2 as supplied by RedHat Enterprise 4. Using security=ADS mode, and using winbind and pam_winbind to authenticate. I was able to sucessfully join the domain, and can enumerate users and groups. Whenever I try to authenticate, it always fails with the status STATUS_BUFFER_OVERFLOW. -------------------pieces of Winbind Logs--------------- [2006/01/26 13:08:55, 5]

Winbindd is having trouble finding the Domain Admins group in my domain. It appears to be searching for the group but does not show what domain it's looking into - then it tries the local PC (ANC-Gentoo): log.winbind: [2004/01/07 13:20:43, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(237) [23792]: getgrnam Domain Admins [2004/01/07 13:20:43, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)

I want to limit access to shares via windows groups but when I set a share to anything other than 'valid users = %S' or 'valid users =', I cannot access the share. The error message indicates that the share is not accessible and I may not have sufficient permissions. If I change just the valid users in smb.conf and restart smb, I get right in without prompting. I also found that I

Dear samba list, For some time we've had servers connecting to a w2k3 r2 server via ADS setup. Wins was working fine and users were able to authenticate. Recently we've added a GFS like system. This required getting the UID/GID's unified. Suggestions were made on the samba IRC channel to install SFU on the PDC. I'm receiving some very strange output. Usernames/pwd have

I am running Samba version 3.0.9-1.3E.2 on a server that is joined to a windows server 2003 domain using ADS security. The samba server hosts a share called 'files'. I am having problems mounting this share using a new account I set up. getent passwd shows the information for the new account as does wbinfo -u. Mounting the share with the new users account using the net use command

Everyone, I am going nuts trying to figure this problem out. I have successfully joined a SUSE 10 server to our domain and configured samba for ADS authentication. This exact setup works on all my other servers. On this one, I keep getting access denied when entering my domain password despite the fact that I have tried it literally dozens of times. I am 100% confident I am

Hi, I have an odd problem with winbind. I use it for, among other thing, nsswitch user resolution. I believe it have a problem with accessing information for a single user, or with caching. When I request info for a specific user, it fail (trying to login also fail with NT_STATUS_NO_SUCH_USER). But it work when I request info for all users. And then, login and getent for single account start