Have you tried: Manually putting password server = IP adress rather than *.
[homes] comment = Home Directories browseable = no writable = yes valid users =%D+%S The chmod for home directory should be 700, chown to the user and chown group to 'DOMAIN+Domain Users' If you can use getent passwd and getent groups I presume it's just a permissions thing. I haven't been able to get pam_mkhomedir.so to work so I just manually create the accounts. I'm just writing a guide on how to do it now on Debian 3.0. Good luck, Shaolin - IT Systems WB Ltd. .: http://www.security-forums.com :. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 08, 2002 10:29 PM Subject: [Samba] Please assist with Winbind issues! > Hello, > > I've been trying for a couple of weeks now to get Samba to authenticate via Winbind to an NT domain. I've scoured Google and the mailing lists to no avail. I've tried various configurations that I've found during my searches, but none of them have worked for me. > > I need to be able to authenticate users, that do not have an account on the Linux box, against the NT domain, and automatically create a home directory for them. This is the purpose of Winbind (except the home directory part, which pam_mkhomedir is supposed to do), as I understand it. Something between winbind and pam is failing since the connecting user gets authenticated as guest rather than an actual user. > > My current configuration is RedHat 7.3 and Samba 2.2.5. My most current samba installation is an RPM generated via the makerpms.sh script in the packaging/RedHat folder of the 2.2.5 samba distribution. > > I've added the following compilation flags in the samba2.spec file: This is my latest attempt, since nothing else seemed to work. > > --with-ssl \ > --with-sslinc=/usr/include/openssl \ > --with-ssllib=/usr/lib/ssl \ > --with-acl-support \ > --with-winbind \ > --with-winbind-auth-challenge \ > > 'getent passwd' and 'getent group' work properly so I think winbind works, too. I think the problem lies somewhere with pam, but I'm not a pam guru by any stretch of the imagination. > > The problem is one I've seen discussed a couple of times, but have not seen any kind of resolution. The next few lines are from the log file of the client attempting to connect to the server with an account called ilchtest. > > [2002/10/08 15:00:50, 3] lib/util_sock.c:open_socket_out(845) > Connecting to 10.226.XXX.XXX at port 139 > [2002/10/08 15:00:50, 3] smbd/reply.c:reply_sesssetup_and_X(1045) > No such user ilchtest [CHICAGO] - using guest account > > > > The following is the last line of what 'winbindd -d5 -i' spits out when I start it from the root prompt: > > tdb(unknown): tdb_brlock failed (fd=10) at offset 4 rw_type=1 lck_type=13 <--------Not sure if this points to a problem??? > > > > > The following is what 'winbindd -d5 -i' spits out when the client trys to connect: > > rpc_read: num_read = 4, read offset: 0, to read: 4 > 000018 samr_io_r_close_hnd > 0018 data1: 00000000 > 001c data2: 00000000 > 0020 data3: 0000 > 0022 data4: 0000 > 0024 data5: 00 00 00 00 00 00 00 00 > 002c status: NT_STATUS_OK > [23826]: sid to gid S-1-5-21-178404139-331375567-1660491571-2273 > [23826]: gid to sid 10000 > [23826]: gid to sid 10001 > [23826]: getgroups ftp <-------Guest account was nobody and I changed it to ftp. > > > > Here is my /etc/nsswitch.conf > > passwd: files winbind > shadow: files > group: files winbind > > #hosts: db files nisplus nis dns > hosts: files winbind dns > > > > > > Here is my /etc/pam.d/system-auth > > auth required /lib/security/pam_env.so > auth sufficient /lib/security/pam_winbind.so > auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pa > ss > auth required /lib/security/pam_deny.so > > account sufficient /lib/secutiry/pam_winbind.so > account required /lib/security/pam_unix.so > > password required /lib/security/pam_cracklib.so retry=3 > password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shado > w > password required /lib/security/pam_deny.so > > session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0 > 022 > session required /lib/security/pam_limits.so > session required /lib/security/pam_unix.so > > Here is my /etc/samba/smb.conf: > > [global] > workgroup = CHICAGO > netbios name = SILCHRS03 > server string = > security = DOMAIN > encrypt passwords = Yes > password server = * > log level = 3 > log file = /var/log/samba/log.%m > max log size = 50 > large readwrite = Yes > name resolve order = host wins bcast > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > load printers = No > preferred master = False > local master = No > domain master = False > dns proxy = No > wins server = 172.30.XXX.XXX > winbind uid = 10000-50000 > winbind gid = 10000-50000 > template shell = /bin/bash > guest account = ftp > invalid users = root bin daemon adm sync shutdown halt mail news uucp operator gopher > printer admin = +PrinterAdmins > nt acl support = No > printing = cups > > [homes] > comment = Home Directories > read only = No > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > > I really want this to work, so any help is appreciated. > Please include my e-mail address in any replies. > > Thank you! > > > Sven > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba