I have a RedHat Linux 9 server that I would like to allow users in my Windows 2000 domain to be able to map shares from without actually having an account on the system. Compiled samba, configured with "./configure --with-pam". Got the server into the domain, and regular "security = domain" seems to be working appropriately - providing there's a local account with the same username as the 2K Domain user. winbind appears to be providing the accounts appropriately - both wbinfo and getent return what you'd expect them to; a wbinfo -a with a user on the domain (the one trying to connect, in fact) gets:
plaintext password authentication succeeded It simply appears as if, when a user attempts to connect to the share, it fails to try to match the W2K account (IE, DOM\user) to the winbind account (DOM+user) and near as I can tell, fails since there isn't an account on the system under "user". Here are the relevant smb.conf lines: [global] netbios name = newweb load printers = no guest account = nobody workgroup = LIB security = domain password server = * encrypt passwords = yes local master = no os level = 1 wins server = 131.247.112.6 server string = LIB309 -Sys-Library Web Server preserve case = yes invalid users = root mail daemon log level = 3 debug uid = yes debug pid = yes log file = /usr/local/samba/logs/log.%m lock directory = /usr/local/samba/var/locks share modes = yes winbind separator = + winbind uid = 12500-19999 winbind gid = 12500-19999 winbind enum users = yes winbind enum groups = yes template homedir = /dev/null [webdocs] comment = Webdocs Share browseable = yes force create mode = 0664 force directory mode = 0775 path = /data1/webdocs valid users = @web,@wheel,@LIB+Technology read only = yes locking = no Not sure that this is set up right, or that I might be missing something else: /etc/pam.d/samba auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so password required /lib/security/pam_pwdb.so # shadow md5 nullok audit When a user that doesn't have a matching Linux account tries to access the share, they get challenged. Please let me know what I'm missing - either in my Samba configuration or in the information I've attempted to provide to you.` Thanks muchly in advance for your assistance. Eric Stewart - Network Admin - USF Tampa Library - [EMAIL PROTECTED] SCUBA Diver: 220 Dives Most Recent: 05/10/03 Chankanaab Park, Cozumel GeoCacher: 58 Found Most Recent: 07/04/03 GCGBHE - Fun in the Sun http://www.scubadiving.com/talk/ and http://www.geocaching.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba