Hello,
I have an existing windows 2003 network and now try to add a new linux server with samba/kerberos support for unified logon authentication. Normally, everything is installed & this is the configuration: - Debian with 2.6.16.4 kernel - heimdal kerberos - samba log info: log.smbd: [2005/10/17 10:48:26, 0] smbd/server.c:main(798) smbd version 3.0.14a-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2004 log.nmbd: [2005/10/17 10:48:26, 0] nmbd/nmbd.c:main(668) Netbios nameserver version 3.0.14a-Debian started. Copyright Andrew Tridgell and the Samba Team 1994-2004 log.winbind: [2005/10/17 10:48:37, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.14a-Debian started. Copyright The Samba Team 2000-2004 There are no errors in the logging when i start the services - smb.conf (testparm) # Global parameters [global] workgroup = TEST realm = TEST.LOCAL server string = %h server (Samba %v) security = ADS obey pam restrictions = Yes password server = mainserver.test.local passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 invalid users = root [homes] comment = Home Directories create mask = 0700 directory mask = 0700 browseable = No [webcontrol] comment = Webcontrol test path = /disk2/test guest ok = Yes [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers - nsswitch.conf passwd: files winbind group: files winbind shadow: compat hosts: files dns winbind networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis My krb5.conf: [libdefaults] default_realm = TEST.LOCAL krb4_get_tickets = false clockskew = 300 [realms] TEST.LOCAL = { kdc = MAINSERVER.TEST.LOCAL admin_server = 192.168.0.10 } [domain_realm] mainserver.test.local = TEST.LOCAL In my /etc/pam.d/samba file i have: @include common-auth @include common-account @include common-session auth required /lib/security/pam_winbind.so account required /lib/security/pam_winbind.so When i do kinit [EMAIL PROTECTED]: primsquid:/etc/samba# kinit [EMAIL PROTECTED] [EMAIL PROTECTED]'s Password: kinit: NOTICE: ticket renewable lifetime is 1 week When i do Getent passwd, i get all the information. Getent users gives me also information When i try to connect from a windows client, i get a logon screen and when i fill in my windows Administrator user or another one, the logon windows comes up again. In my loggings i get after trying: Log.smbd: [2005/10/17 11:26:28, 0] smbd/server.c:main(798) smbd version 3.0.14a-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2004 Log.nmbd: [2005/10/17 11:26:28, 0] nmbd/nmbd.c:main(668) Netbios nameserver version 3.0.14a-Debian started. Copyright Andrew Tridgell and the Samba Team 1994-2004 Log.winbind: [2005/10/17 11:26:36, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.14a-Debian started. Copyright The Samba Team 2000-2004 In the new added logfile from the windows pc i tried to connect: [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\phil [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\phil! [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\phil [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\phil! [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\phil [2005/10/17 11:26:59, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\phil! [2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\phil [2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\phil! [2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\phil [2005/10/17 11:27:00, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\phil! [2005/10/17 11:27:05, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: TEST\administrator [2005/10/17 11:27:05, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User TEST\administrator! On the windowsXP pc, i am logged in as phil and when i connect and i get a logon, i tried TEST\Administrator I don't find alot of good information about this error, but i hope that someone can help me out. Thnx & Grtz, Phil. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba