I know it's been less than a day but I'm kind of surprised that I haven't gotten an answer on this one way or the other ... so let me ask a simpler question:
Are winbind served users of a Linux machine supposed to have access to the samba shares served by that Linux machine? If so, please provide sample smb.conf's (if they differ from mine below) and pam.d/* files. As my users only need access to the samba shares, and not login access, I'm hesitant to change any /etc/pam.d/ file aside from /etc/pam.d/samba ... A bit of further testing has shown that at the very least, samba continues to attempt to look for "user" instead of "DOM+user" when trying to validate. Please! This is the last step I *must* get past before I can move mission critical services from a Sun Solaris 8 box to this Redhat Linux 9 machine ... Eric Stewart - Network Admin - USF Tampa Library - [EMAIL PROTECTED] SCUBA Diver: 220 Dives Most Recent: 05/10/03 Chankanaab Park, Cozumel GeoCacher: 58 Found Most Recent: 07/04/03 GCGBHE - Fun in the Sun http://www.scubadiving.com/talk/ and http://www.geocaching.com/ > -----Original Message----- > From: Stewart, Eric > Sent: Wednesday, July 16, 2003 3:21 PM > To: [EMAIL PROTECTED] > Subject: [Samba] Samba 2.2.8a/winbindd - 2K Domain users password > challenged > > > I have a RedHat Linux 9 server that I would like to > allow users in my Windows 2000 domain to be able to map > shares from without actually having an account on the system. > Compiled samba, configured with "./configure --with-pam". > Got the server into the domain, and regular "security = > domain" seems to be working appropriately - providing there's > a local account with the same username as the 2K Domain user. > winbind appears to be providing the accounts > appropriately - both wbinfo and getent return what you'd > expect them to; a wbinfo -a with a user on the domain (the > one trying to connect, in fact) gets: > > plaintext password authentication succeeded > > It simply appears as if, when a user attempts to > connect to the share, it fails to try to match the W2K > account (IE, DOM\user) to the winbind account (DOM+user) and > near as I can tell, fails since there isn't an account on the > system under "user". > Here are the relevant smb.conf lines: > > [global] > netbios name = newweb > load printers = no > guest account = nobody > workgroup = LIB > security = domain > password server = * > encrypt passwords = yes > local master = no > os level = 1 > wins server = 131.247.112.6 > server string = LIB309 -Sys-Library Web Server > preserve case = yes > invalid users = root mail daemon > log level = 3 > debug uid = yes > debug pid = yes > log file = /usr/local/samba/logs/log.%m > lock directory = /usr/local/samba/var/locks > share modes = yes > winbind separator = + > winbind uid = 12500-19999 > winbind gid = 12500-19999 > winbind enum users = yes > winbind enum groups = yes > template homedir = /dev/null > > [webdocs] > comment = Webdocs Share > browseable = yes > force create mode = 0664 > force directory mode = 0775 > path = /data1/webdocs > valid users = @web,@wheel,@LIB+Technology > read only = yes > locking = no > > Not sure that this is set up right, or that I might be > missing something else: > > /etc/pam.d/samba > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so > use_first_pass > shadow nullok > account required /lib/security/pam_winbind.so > session required /lib/security/pam_pwdb.so > password required /lib/security/pam_pwdb.so # shadow md5 > nullok audit > > When a user that doesn't have a matching Linux account > tries to access the share, they get challenged. > Please let me know what I'm missing - either in my > Samba configuration or in the information I've attempted to > provide to you.` > Thanks muchly in advance for your assistance. > > Eric Stewart - Network Admin - USF Tampa Library - [EMAIL PROTECTED] > SCUBA Diver: 220 Dives Most Recent: 05/10/03 Chankanaab Park, Cozumel > GeoCacher: 58 Found Most Recent: 07/04/03 GCGBHE - Fun in the Sun > http://www.scubadiving.com/talk/ and http://www.geocaching.com/ > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba