Hello Robert, Kris. I have tried with client ntlmv2 auth = yes but I'm still getting the problem.
This is output from the messages log; Feb 2 16:32:26 udcsp03 winbindd[19999]: [2010/02/02 16:32:26, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354) Feb 2 16:32:26 udcsp03 winbindd[19999]: cli_pipe_verify_schannel: auth_len 56. Above Startup Feb 2 16:32:26 udcsp03 winbindd[20007]: [2010/02/02 16:32:26, 0] nsswitch/idmap.c:smb_register_idmap(146) Feb 2 16:32:26 udcsp03 winbindd[20007]: Idmap module rid already registered! Feb 2 16:32:26 udcsp03 winbindd[20007]: [2010/02/02 16:32:26, 0] lib/module.c:do_smb_load_module(69) Feb 2 16:32:26 udcsp03 winbindd[20007]: Module '/usr/lib64/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION The above is from when I do wbinfo -g or wbinfo -u Feb 2 16:33:07 udcsp03 winbindd[19999]: [2010/02/02 16:33:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Feb 2 16:33:07 udcsp03 winbindd[19999]: rpc_api_pipe: Remote machine INFRADC06.sweinfra.se pipe \NETLOGON fnum 0x8008returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED And above the main problem, wbinfo -a domainuser%password I'm attaching my smb.conf. /JB > -----Original Message----- > From: Robert Freeman-Day [mailto:pres...@gmail.com] > Sent: den 2 februari 2010 15:31 > To: Kris Kaido > Cc: Bergstrom Johan; samba@lists.samba.org > Subject: Re: [Samba] Samba/winbind with Active Directory auth > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Kris and Johan, > > Both of you have not appended your smb.conf files. Maybe doing that > would help as well. > > - From what I am seeing, the pam stack Kris gave was authenticating via > winbind which would use either plaintext, lanman, ntlm or ntlmv2 and not > configured to authenticate using kerberos. The plaintext password > authentication is pretty insecure and this is what I suspect your setup > is attempting to use. Win 2008 has that disabled by default as well as > (afaik) lanman and ntlm. If you plan on using winbind to authenticate, > you will likely need to add the following directive in the [global] > section of your smb.conf file: > > client ntlmv2 auth = yes > > You may then need to restart winbindd and smbd (hell, you could restart > the whole machine if you felt like it). Tell us if this works out for > you. > > > Volker Lendecke wrote: > > On Tue, Jan 19, 2010 at 08:23:45AM +0400, Alexander R. Fahrutdinov > wrote: > >> В сообщении от Понедельник 18 января 2010 19:33:00 автор Kris Kaido > написал: > >>> Hi List, > >>> > >>> I'm installing a Samba server with the intended purpose of serving > files to > >>> Windows users with seamless authentication on the smb server. > >>> For that, I've been reading and following every single google search > result > >>> regarding the subject, but it seems I'm stuck at some point where > other > >>> people are not blocked ... > >>> > >>> To summarize, I have these commands OK: > >>> # kinit admin_u...@domain.example.com > >>> # klist (ticket ok) > >>> # net join ads -S server -U admin_user > >>> # wbinfo -u and -g (both showing "DOMAIN\...") > >>> # wbinfo -t (succeeded) > >> > >> Try to use Kerberos auth (wbinfo -K login%pass). It's possible, Windows > PDC > >> does not support NT-style auth via pipe. Also, try 'nt pipe support = > no' > >> option in smb.conf file. > > > > ??? > > > > nt pipe support = no > > > > is extremely unlikely to ever help these days. > > > > Volker > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAktoNyMACgkQup357T5MfTZZQACfddZOp6HuFaC7yQ4ccQY3s/Gx > DqQAn3/1pdGzOj+LnnNEFNiabeMff/Qq > =F63l > -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
