Depends on where you're talking about your users authenticating, but it
sounds like you need a:
    winbind use default domain = yes
in your smb.conf.
- rob.
On 07/13/2010 02:00 AM, Philipp Braband wrote:
> Hi everyone,
>
> I have a problem with my samba and winbind configuration:
>
> before I switched the config (from local user authentication to AD
> authentication using winbind) my users were able to authenticate for example
> as “peter”. Now, after switching, they are forced to use
> SAMBASERVERNAME\peter. If they use only “peter” winbind tries to authenticate
> them against the AD which fails. Is there a way to “teach” winbind to try to
> authenticate every user locally if they don't use DOMAIN\peter ?
> Hope you understand my problem in spite of my bad English ☺
>
>
> My configuration:
>
> SLES11 SP0
> samba-3.2.7-11.6
> samba-winbind-3.2.7-11.6
> krb5-1.6.3-133.10
>
>
> smb.conf:
>
> [global]
> workgroup = DOMAIN
> netbios aliases = SAMBASERVER
> interfaces = eth0, 127.0.0.1/8
> bind interfaces only = Yes
> ;security = ADS
> security = ADS
> password server = 192.168.1.1
> load printers = No
> disable spoolss = Yes
> show add printer wizard = No
> ;printcap name = cups
> logon path = \\%L\profiles\.msprofile
> logon drive = P:
> logon home = \\%L\%U\.9xprofile
> encrypt passwords = Yes
> smb passwd file = /etc/samba/smbpasswd
> username map = /etc/samba/smbusers
> kernel oplocks = No
> ldap ssl = no
> printing = bsd
> ;cups options = raw
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
> include = /etc/samba/dhcp.conf
> log level = 1
> realm = DOMAIN.DE
> template homedir = /home/%D/%U
> template shell = /bin/bash
> usershare allow guests = No
> winbind refresh tickets = yes
> winbind offline logon = yes
> idmap gid = 10000-20000
> idmap uid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
>
> idmap backend = ad
> idmap config DOMAIN : backend = ad
> winbind nss info = rfc2307
>
>
>
> krb5.conf
>
>
> [libdefaults]
> default_realm = DOMAIN.DE
> clockskew = 300
>
>
> [realms]
> DOMAIN.DE = {
> kdc = 192.168.1.1
> admin_server = 192.168.1.1
> default_domain = domain.de
> }
>
>
>
>
> [logging]
> kdc = FILE:/var/log/krb5/krb5kdc.log
> admin_server = FILE:/var/log/krb5/kadmind.log
> default = SYSLOG:NOTICE:DAEMON
>
>
>
> [domain_realm]
> .domain.de = DOMAIN.DE
>
>
>
> [appdefaults]
> pam = {
> ticket_lifetime = 1d
> renew_lifetime = 1d
> forwardable = true
> proxiable = false
> minimum_uid = 1
> }
>
>
> Cheers,
> Philipp
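An added example, not part of the original thread and not Samba's own code: with `winbind use default domain = yes`, users of the default domain are handled without the DOMAIN\ prefix, so a short name such as "peter" that also exists as a local account becomes ambiguous. The Python below reads the effective setting from smb.conf text and lists such names; the function names, the sample configuration and the user lists are assumptions constructed for illustration, and `include` files and line continuations are not followed.

```python
import re

# Constructed sample input: a few lines of the posted [global] section plus
# the line suggested in the reply. Not a complete smb.conf.
SAMPLE_CONF = """\
[global]
workgroup = DOMAIN
;security = ADS
security = ADS
Winbind Use Default Domain = Yes
"""

TRUE_VALUES = {"yes", "true", "1"}


def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()


def effective_param(conf_text, section, name, default=None):
    """Return the last value assigned to `name` inside `section`."""
    current, value = None, default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = _norm(line[1:-1])
            continue
        key, sep, val = line.partition("=")  # only the first '=' is significant
        if sep and current == _norm(section) and _norm(key) == _norm(name):
            value = val.strip()              # a later assignment overrides
    return value


def ambiguous_short_names(conf_text, local_users, domain_users):
    """Names present both locally and in the domain once the prefix is dropped."""
    enabled = effective_param(conf_text, "global", "winbind use default domain", "no")
    if enabled.lower() not in TRUE_VALUES:
        return []                            # domain users keep their prefix
    short = {u.split("\\", 1)[-1].lower() for u in domain_users}
    return sorted(n for n in {u.lower() for u in local_users} if n in short)
```

Feed it the account names from /etc/passwd and the domain user list; any name it returns should be renamed or removed on one side before the setting is enabled.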