I'm on a redhat 7.2 box, and I am trying to configure PAM to use winbind to authenticate against an NT4 PDC. I followed the instructions I found at: http://de.samba.org/samba/ftp/docs/htmldocs/Samba-HOWTO-Collection.html#WINBIND
I compiled the 2.2.4 source and have tried several permutations of the setup they suggest, and have tried many solutions I've seen suggested on different mailing lists, but nothing seems to work. I have smb.conf set up as suggested in the document, and have succeeded in joining my NT domain with smbpasswd. The command 'getent passwd' properly returns the list of users on my PDC. The problem comes in when I try to use the pam_winbind.so module for logins or ssh (I have not tried anything else).

My current configuration is this:

/etc/pam.d/system-auth
-----------------------------
auth sufficient /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so use_first_pass
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
-----------------------------

/etc/nsswitch.conf
-----------------------------
passwd: files nisplus winbind
shadow: files nisplus
group: files nisplus winbind
-----------------------------

If I login as: mydomain+username
It fails.

My Linux system log reports (machine names changed):

Jun 3 16:12:42 casey pam_winbind[11588]: request failed, PAM error was 4, NT error was NT_STATUS_NO_TRUST_SAM_ACCOUNT
Jun 3 16:12:42 casey pam_winbind[11588]: internal module error (retval = 4, user = `mydomain+username'

My NT PDC reports:

The session setup from the computer CASEY failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is CASEY$.

Note that I had originally put the reference to pam_winbind in the login file, but put it in system-auth after that didn't work. Note also that I tried it with pam_env and pam_unix both set to required.

I have tried removing and re-adding casey from the PDC, I have tried adding at the PDC first, and then using smbpasswd. I've tried this in reverse order. I've tried only using smbpasswd, I've tried only adding it at the PDC. I've tried deleting the /etc/samba/secrets.tdb file and re-adding.

The only odd thing about my setup is that I installed from source over the redhat RPM install, and the files are a little messy. I've tried to go through and make sure all of the stuff in /usr/sbin and /usr/bin are symlinks to the stuff in /usr/local/samba/bin, but I may have missed something. At any rate I don't think that's the problem.

Any ideas?
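
Added example, not part of the original post and not Samba or Linux-PAM code: a simplified Python model of how the four simple PAM control flags resolve the auth stack posted above, to show which module decides the outcome when pam_winbind fails with PAM error 4. The per-module results are assumptions fed in by hand (in particular that pam_env returns "ignore" during authentication and that pam_unix fails for a domain-only user); bracketed control syntax is not modelled.

```python
# Added example: simplified model of the required/requisite/sufficient/optional flags.
SUCCESS, IGNORE, FAIL = "success", "ignore", "fail"
# The auth lines of /etc/pam.d/system-auth as posted above.
POSTED_STACK = """\
auth sufficient /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth required /lib/security/pam_deny.so
"""

def parse_stack(text, mgmt_type="auth"):
    """Return [(control, module_file)] for one management group."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        if fields[0] == mgmt_type:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries

def evaluate(entries, results):
    """Return (granted, deciding_module) for assumed per-module results."""
    failed, succeeded, decider = False, False, None
    for control, module in entries:
        result = results[module]
        if result == IGNORE:
            continue
        if result == SUCCESS:
            if control == "sufficient" and not failed:
                return True, module            # stack stops here, access granted
            if control != "sufficient":
                succeeded = True
        elif control == "requisite":
            return False, module               # fail immediately
        elif control == "required" and not failed:
            failed, decider = True, module     # remember first failure, keep going
        # a failing sufficient or optional module is ignored
    return succeeded and not failed, decider

# Constructed scenario matching the log above: no local account, winbind returns an error.
TRUST_BROKEN = {"pam_env.so": IGNORE, "pam_unix.so": FAIL,
                "pam_winbind.so": FAIL, "pam_deny.so": FAIL}

if __name__ == "__main__":
    # As logged: denied by pam_deny. winbind OK: granted. pam_env "success": granted, no password check.
    for change in ({}, {"pam_winbind.so": SUCCESS}, {"pam_env.so": SUCCESS}):
        print(change, evaluate(parse_stack(POSTED_STACK), {**TRUST_BROKEN, **change}))
```

The third scenario shows why a module that does not check credentials should not carry the "sufficient" flag in an auth stack: if it ever reports success, nothing after it is consulted.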