Ok - I replaced my /etc/pam.d/login with the one you've posted. getent still lists me just local machine users and groups.
Trying to attach to the machine results in this in the hosts samba log: Doing spnego session setup NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] Got OID 1 2 840 48018 1 2 2 Got OID 1 2 840 113554 1 2 2 Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 1235 Ticket name is [EMAIL PROTECTED] Username gavdav is invalid on this system error string = No such file or directory error packet at smbd/sesssetup.c(220) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE timeout_processing: End of file from client (client has disconnected). setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Closing connections Yielding connection to yield_connection: tdb_delete for name failed with error Record does not exist. Server exit (normal exit) Still stuck - what should I have in /etc/pam_smb.conf, and /etc/pam.d/system-auth ?? smb.conf now: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Revolver security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 139 445 announce as = NT Workstation name resolve order = host bcast client signing = Yes server signing = Yes client use spnego = Yes use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind separator = + winbind cache time = 2 winbind use default domain = Yes template homedir = /home/%D/%U template shell = /bin/bash winbind enum users = yes winbind enum groups = yeS comment = Redhat 8.0 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [usr-local] path = /usr/local read only = Yes valid users = @MYNETWORK.ISP.CO.UK\"Domain Users" Admin users = @MYNETWORK.ISP.CO.UK\gavdav ################################################### Re: domain groups accessing samba share Hi Gavin, This is what I have for my /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so nodelay use_first_pass auth sufficient /lib/security/pam_krb5.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient /lib/security/pam_winbind.so account sufficient /lib/security/pam_krb5.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so And when I issue getent group or getent passwd it lists both local and ADS users. Regards, Luke -----Original Message----- From: Gavin Davenport [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 09:05 To: [EMAIL PROTECTED] Cc: Tim Jordan, Network Services Subject: RE: [Samba] Re: domain groups accessing samba share Hiya Tim, Thanks for helping. Can you post your smb.conf /etc/pam.d/login wbinfo -g wbinfo -u getent passwd getent group Here we go: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Linux Samba Server security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 445 announce as = NT Workstation name resolve order = host bcast wins server = 10.0.0.104 client signing = Yes server signing = Yes client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash # winbind separator = + winbind cache time = 2 # winbind use default domain = Yes comment = Redhat 7.1 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [Software] comment = Software Library path = /mnt/largeprimary/software # valid users = @MYNETWORK.ISP.CO.UK\"Domain Users" # Admin users = @MYNETWORK.ISP.CO.UK\gavdav [EMAIL PROTECTED] /root]# more /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so wbinfo -u [EMAIL PROTECTED] /root]# wbinfo -u MYDOMAIN\gavdav MYDOMAIN\Guest MYDOMAIN\Administrator MYDOMAIN\krbtgt MYDOMAIN\SUPPORT_388945a0 MYDOMAIN\fbloggs <snip> wbinfo -g [EMAIL PROTECTED] /root]# wbinfo -g MYDOMAIN\Domain Computers MYDOMAIN\Cert Publishers MYDOMAIN\Domain Users MYDOMAIN\Domain Guests MYDOMAIN\RAS and IAS Servers MYDOMAIN\Group Policy Creator Owners MYDOMAIN\Schema Admins MYDOMAIN\Enterprise Admins MYDOMAIN\Domain Admins MYDOMAIN\Domain Controllers <snip> [EMAIL PROTECTED] /root]# getent passwd root:x:0:0:root:/root:/bin/bash <snip> xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false gdm:x:42:42::/home/gdm:/bin/bash gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash named:x:200:200:Nameserver:/var/named:/bin/false vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin [EMAIL PROTECTED] /root]# getent group root:x:0:root <snip> nobody:x:99: users:x:100:gavdav <snip> xfs:x:43: gdm:x:42: gavdav:x:500: vcsa:x:69: getent and setent are listing local users and groups. What do I need to change in /etc/pam.d/login to fix it ? Where should I be looking for help ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba