On Tue, 14 May 2002, Adcock, Christine M. wrote: > accounts if we can help it. When I read through the man pages and HowTo > documentation it at first seemed that this was possible using Winbindd and > PAM. Upon closer investigation it looks like the users must have UNIX > accounts and smbpasswd accounts to enable the challenge/response > authentication - is this true?
No. Winbind's PAM and NSS module will take care this for you. > I am also confused as to whether PAM is relevant since the majority of > documentation states that it only works with clear-text passwords and > W2K and NT require passwords to be encrypted. Can someone elaborate on > this relationship please? I am about ready to give up and say that this > cannot be done. If Samba authenticates a user via PAM, then clear text passwords must be used. However, the pam_winbind module is for use by applications other than Samba so you can safely use "encryt passwords = yes". > BTW - I can run through the DIAGNOSIS.txt tests successfully up to Test 7 > and the user accounts I am testing with are valid in AD. In addition, I have > read through many of the mailing list postings and the error I get back on > test seven is the same as many others - NT_STATUS_LOGON_FAILURE, the log > says - auth2 challenge failed - NT_STATUS_ACCESS_DENIED. Did you add the Samba box to the domain? Ahh...You should probably try 2.2.4 since there was a related big-endian related bug fixed between 2.2.3a and 2.2.4 related to joining a domain. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
