Hi John, thanks for the feedback. I continued to have issues, then I realized I was missing the library in question, and after a quick google realized I had samba/samba-winbind installed from the repo but it was an older version. Samba3x in the RHEL/CentOS repo contained the proper library and authentication now works for all users. So thank you very much.

Samba4 in domain controller mode, is the only way for a Linux client to authenticate against it via winbind? Can regular LDAP authentication not be used? Base DN, URI, etc..?

Please advise

Thanks

Aly

On Sun, Apr 3, 2011 at 9:00 PM, Taylor, Jonn <jo...@taylortelephone.com> wrote:

> On 04/03/2011 07:24 PM, Aly Khimji wrote:
> > Hi guys,
> >
> > First time poster so I do apologize if this question has been asked before.
> >
> > In a test set up we are trying to use samba4 to authenticate a small network
> > with Linux, Win, and OSX clients. I have successfully deployed samba4 in
> > domain controller mode, can attach windows machines to it, manage the DC via
> > windows tools.
> > We can also join Linux servers to the domain, however my problem is as
> > follows. When attempting to log into a Linux server, excluding local users,
> > the only directory user that can log in is the Administrator. Any other
> > directory user that attempts to log in gets a "No Logon Servers", however if
> > I move that same user into the Domain Admins group they can log in with no
> > issues (yes as UID=0) as reported in /var/log/secure.
> >
> > Can someone please explain why this happens, and what step have I missed
> > that would allow regular users to log in?
> >
> In smb.conf set
> template shell = /bin/bash
>
> > That being said, my second question is, is it possible to have the samba4
> > server in domain controller mode, but have Linux clients authenticate via
> > ldap as opposed to winbind?
> You have to use winbind or you will not get the right id mapping.
>
> [global]
>     workgroup = EXAMPLE
>     realm = EXAMPLE.COM
>     security = ADS
>     password server = 192.168.173.10
>     log file = /var/log/samba/samba3.log
>     ldap ssl = no
>     idmap backend = idmap_rid:EXAMPLE=500-4000000
>     idmap uid = 500-4000000
>     idmap gid = 500-4000000
>     template homedir = /home/%U
>     template shell = /bin/bash
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind use default domain = Yes
>     winbind offline logon = Yes
>
> > For example, when configuring an authentication method if it would be possible
> > to use LDAP instead of samba/winbind? I tried to configure LDAP (correct
> > base, host, uri, etc..) but when it doesn't seem to pull any info? eg id or
> > getent doesn't work.
> In /etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> and link 2 modules, these are for a 64 bit system, if yours is not just
> remove 64 from the links
>
> ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
>
> ln -s /usr/local/samba/lib/pam_winbind.so /lib64/security/pam_winbind.so
>
> > Any pointers are greatly appreciated, I am just testing out
> > the capabilities of 4, I understand it's still in Alpha but hope you guys
> > might have some experience with it.
> >
> > Thanks
> >
> > Aly
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
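
The thread's failure came down to a winbind library that was not actually present on the client. The script below is an added example, not code from either poster or from Samba: it checks that nsswitch.conf lists winbind for passwd and group, and that the NSS and PAM module paths resolve to real files rather than dangling symlinks. The function names and the `--system` switch are assumptions made for this example; the default paths are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths are the ones quoted above.

# nss_has_winbind FILE DB: succeeds if DB's line in FILE lists "winbind".
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# module_ok PATH: succeeds only if PATH resolves to a readable regular file,
# so a symlink whose target was never installed fails.
module_ok() { [ -f "$1" ] && [ -r "$1" ]; }

# check_winbind_client [NSSWITCH] [NSS_LIB] [PAM_LIB]: prints one line per
# problem and returns non-zero if any was found.
check_winbind_client() {
    nss_file=${1:-/etc/nsswitch.conf}
    nss_lib=${2:-/lib64/libnss_winbind.so}
    pam_lib=${3:-/lib64/security/pam_winbind.so}
    rc=0
    for db in passwd group; do
        nss_has_winbind "$nss_file" "$db" ||
            { echo "FAIL: '$db' in $nss_file does not list winbind"; rc=1; }
    done
    for lib in "$nss_lib" "$pam_lib"; do
        module_ok "$lib" && continue
        if [ -L "$lib" ]; then echo "FAIL: $lib is a symlink to a missing or unreadable target"
        else echo "FAIL: $lib is missing or unreadable"; fi
        rc=1
    done
    return "$rc"
}

# Demo on a constructed tree: group lacks winbind and the NSS link dangles.
demo() {
    root=$(mktemp -d) || return 2
    printf 'passwd: files winbind\ngroup: files # winbind\n' > "$root/nsswitch.conf"
    ln -s "$root/not-installed.so.2" "$root/libnss_winbind.so"
    : > "$root/pam_winbind.so"
    check_winbind_client "$root/nsswitch.conf" \
        "$root/libnss_winbind.so" "$root/pam_winbind.so"
    status=$?
    rm -rf "$root"
    return "$status"
}

# "--system" checks the real paths; anything else runs the demo.
if [ "${1:-}" = "--system" ]; then check_winbind_client; else demo || true; fi
```

glibc's NSS loader opens the module under the name `libnss_winbind.so.2`, so when checking a real system pass the path under whichever name actually exists there as the second argument.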