Hello, I've been trying for a couple of weeks now to get Samba to authenticate via Winbind to an NT domain. I've scoured Google and the mailing lists to no avail. I've tried various configurations that I've found during my searches, but none of them have worked for me.
I need to be able to authenticate users, that do not have an account on the Linux box, against the NT domain, and automatically create a home directory for them. This is the purpose of Winbind (except the home directory part, which pam_mkhomedir is supposed to do), as I understand it. Something between winbind and pam is failing since the connecting user gets authenticated as guest rather than an actual user. My current configuration is RedHat 7.3 and Samba 2.2.5. My most current samba installation is an RPM generated via the makerpms.sh script in the packaging/RedHat folder of the 2.2.5 samba distribution. I've added the following compilation flags in the samba2.spec file: This is my latest attempt, since nothing else seemed to work. --with-ssl \ --with-sslinc=/usr/include/openssl \ --with-ssllib=/usr/lib/ssl \ --with-acl-support \ --with-winbind \ --with-winbind-auth-challenge \ 'getent passwd' and 'getent group' work properly so I think winbind works, too. I think the problem lies somewhere with pam, but I'm not a pam guru by any stretch of the imagination. The problem is one I've seen discussed a couple of times, but have not seen any kind of resolution. The next few lines are from the log file of the client attempting to connect to the server with an account called ilchtest. [2002/10/08 15:00:50, 3] lib/util_sock.c:open_socket_out(845) Connecting to 10.226.XXX.XXX at port 139 [2002/10/08 15:00:50, 3] smbd/reply.c:reply_sesssetup_and_X(1045) No such user ilchtest [CHICAGO] - using guest account The following is the last line of what 'winbindd -d5 -i' spits out when I start it from the root prompt: tdb(unknown): tdb_brlock failed (fd=10) at offset 4 rw_type=1 lck_type=13 <--------Not sure if this points to a problem??? The following is what 'winbindd -d5 -i' spits out when the client trys to connect: rpc_read: num_read = 4, read offset: 0, to read: 4 000018 samr_io_r_close_hnd 0018 data1: 00000000 001c data2: 00000000 0020 data3: 0000 0022 data4: 0000 0024 data5: 00 00 00 00 00 00 00 00 002c status: NT_STATUS_OK [23826]: sid to gid S-1-5-21-178404139-331375567-1660491571-2273 [23826]: gid to sid 10000 [23826]: gid to sid 10001 [23826]: getgroups ftp <-------Guest account was nobody and I changed it to ftp. Here is my /etc/nsswitch.conf passwd: files winbind shadow: files group: files winbind #hosts: db files nisplus nis dns hosts: files winbind dns Here is my /etc/pam.d/system-auth auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pa ss auth required /lib/security/pam_deny.so account sufficient /lib/secutiry/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shado w password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0 022 session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so Here is my /etc/samba/smb.conf: [global] workgroup = CHICAGO netbios name = SILCHRS03 server string = security = DOMAIN encrypt passwords = Yes password server = * log level = 3 log file = /var/log/samba/log.%m max log size = 50 large readwrite = Yes name resolve order = host wins bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No preferred master = False local master = No domain master = False dns proxy = No wins server = 172.30.XXX.XXX winbind uid = 10000-50000 winbind gid = 10000-50000 template shell = /bin/bash guest account = ftp invalid users = root bin daemon adm sync shutdown halt mail news uucp operator gopher printer admin = +PrinterAdmins nt acl support = No printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No I really want this to work, so any help is appreciated. Please include my e-mail address in any replies. Thank you! Sven -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba