On Sat, May 8, 2010 at 4:00 AM, Christian PERRIER <bubu...@debian.org> wrote:
> Quoting Mike Leone (tur...@mike-leone.com):
>
>> directories. Even tho Ubuntu 10.04 seems to have the /etc/pam.d files
>> already configured for samba, I copied over the common-account,
>> common-auth, common-password, common-session files from the 9.10 server
>> to the 10.04 server. Did the same with the nsswitch.conf file.
>
> This is very very probably the source of all your problems.
To test that, I completely re-formatted by laptop once again, and
re-installed 10.04. This time, I did *not* touch any file under
/etc/pam.d. I then installed winbind and samba; configured
nsswitch.conf; cleaned out /var/lo/samba and /var/cache/samba and
/var/lib/samba.
Got a ticket; joined the domain.
Exact same error. "getent passwd" returns no domain users. wbinfo
-u/-g/-t/-a ... all work.
So the problem must not have been my editing the pam files, since I've
never touched them.
log.winbind shows:
[2010/05/08 11:44:18, 3]
libads/ldap_schema.c:324(ads_check_posix_schema_mapping)
ads_check_posix_schema_mapping: failed STATUS_SOME_UNMAPPED
[2010/05/08 11:44:18, 2] winbindd/idmap_ad.c:185(ad_idmap_cached_connection)
ad_idmap_cached_connection: Failed to obtain schema details!
[2010/05/08 11:44:18, 1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids)
ADS uninitialized: STATUS_SOME_UNMAPPED
[2010/05/08 11:44:18, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500
[2010/05/08 11:44:18, 1] winbindd/winbindd_user.c:856(winbindd_getpwent)
could not lookup domain user Administrator
smb.conf:
[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
security = ADS
map to guest = Bad User
client use spnego = true
client ntlmv2 auth = yes
auth methods = winbind
restrict anonymous = 0
server signing = auto
eventlog list = Application System Security SyslogLinux
# PAM AUTH
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = true
password server = dim-win2300.DaCrib.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
preferred master = No
domain master = No
local master = No
os level = 2
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
hide dot files = No
# WINBIND
idmap config DACRIB:backend = ad
idmap config DACRIB:range=100000 - 200000
idmap config DACRIB:schema_mode = rfc2307
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind nested groups = Yes
winbind refresh tickets = true
winbind separator = +
winbind nss info = rfc2307
allow trusted domains = No
template homedir = /home/%D/%u
template shell = /bin/bash
enable privileges = Yes
wide links = No
Anyone see anything wrong here?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
