On Sat, May 8, 2010 at 4:00 AM, Christian PERRIER <bubu...@debian.org> wrote: > Quoting Mike Leone (tur...@mike-leone.com): > >> directories. Even tho Ubuntu 10.04 seems to have the /etc/pam.d files >> already configured for samba, I copied over the common-account, >> common-auth, common-password, common-session files from the 9.10 server >> to the 10.04 server. Did the same with the nsswitch.conf file. > > This is very very probably the source of all your problems.
To test that, I completely re-formatted by laptop once again, and re-installed 10.04. This time, I did *not* touch any file under /etc/pam.d. I then installed winbind and samba; configured nsswitch.conf; cleaned out /var/lo/samba and /var/cache/samba and /var/lib/samba. Got a ticket; joined the domain. Exact same error. "getent passwd" returns no domain users. wbinfo -u/-g/-t/-a ... all work. So the problem must not have been my editing the pam files, since I've never touched them. log.winbind shows: [2010/05/08 11:44:18, 3] libads/ldap_schema.c:324(ads_check_posix_schema_mapping) ads_check_posix_schema_mapping: failed STATUS_SOME_UNMAPPED [2010/05/08 11:44:18, 2] winbindd/idmap_ad.c:185(ad_idmap_cached_connection) ad_idmap_cached_connection: Failed to obtain schema details! [2010/05/08 11:44:18, 1] winbindd/idmap_ad.c:543(idmap_ad_sids_to_unixids) ADS uninitialized: STATUS_SOME_UNMAPPED [2010/05/08 11:44:18, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent) error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500 [2010/05/08 11:44:18, 1] winbindd/winbindd_user.c:856(winbindd_getpwent) could not lookup domain user Administrator smb.conf: [global] workgroup = DACRIB realm = DACRIB.LOCAL server string = %h server (Samba %v, Domain: %D, Server: %L - %R) security = ADS map to guest = Bad User client use spnego = true client ntlmv2 auth = yes auth methods = winbind restrict anonymous = 0 server signing = auto eventlog list = Application System Security SyslogLinux # PAM AUTH encrypt passwords = Yes obey pam restrictions = Yes pam password change = true password server = dim-win2300.DaCrib.local pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 preferred master = No domain master = No local master = No os level = 2 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d hide dot files = No # WINBIND idmap config DACRIB:backend = ad idmap config DACRIB:range=100000 - 200000 idmap config DACRIB:schema_mode = rfc2307 idmap uid = 100000-200000 idmap gid = 100000-200000 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No winbind nested groups = Yes winbind refresh tickets = true winbind separator = + winbind nss info = rfc2307 allow trusted domains = No template homedir = /home/%D/%u template shell = /bin/bash enable privileges = Yes wide links = No Anyone see anything wrong here? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba