Hey all,
I have a Windows 2000 AD PDC that hosts a domain. It also trusts our existing Windows NT domain (2-way trust, they both trust each other). I also have a Gentoo Linux machine that I have compiled Samba 3.0 on. I can get almost everything to work with regard to talking to the Windows 2k PDC, like this:


mccoy samba # wbinfo -u
LIGHTSPEED+Administrator
LIGHTSPEED+Guest
LIGHTSPEED+TsInternetUser
LIGHTSPEED+IUSR_KINGATRHYME
LIGHTSPEED+IWAM_KINGATRHYME
LIGHTSPEED+krbtgt
LIGHTSPEED+RI-ONLINE$
LIGHTSPEED+ecline
LIGHTSPEED+jlally

But whenever I try anything regarding authentication, it fails:

mccoy samba # wbinfo -a ecline%blahblah
plaintext password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline%blahblah with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
error messsage was: No logon servers
Could not authenticate user ecline with challenge/response

Also, I have tried to get the pam setup to work, without much success. See here:

Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval = 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval = 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: request failed: No logon servers, PAM error was 4, NT error was NT_STATUS_NO_LOGON_SERVERS
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval = 4, user = `jlally'
Jun 18 10:09:44 mccoy pam_winbind[11074]: internal module error (retval = 4, user = `jlally'
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from 172.22.4.97 port 54689 ssh2
Jun 18 10:09:44 mccoy sshd[11074]: Failed password for jlally from 172.22.4.97 port 54689 ssh2
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown
Jun 18 10:09:46 mccoy sshd(pam_unix)[11074]: check pass; user unknown


So I am not sure where to go from here. I can provide some verbose log.winbind files, or tcpdump if necessary. What I am ultimately trying to accomplish is allowing people who have 2000 accounts in AD access to my Linux machines. We have a lot of web tools that rely on having a valid account on the unix machine, and this would make my life a lot easier. Interestingly enough, just using su - <domain user> works just fine, as long as I first set them up with a home directory:

mccoy samba # su - jlally
[EMAIL PROTECTED] jlally $ id
uid=10007(LIGHTSPEED+jlally) gid=10000(LIGHTSPEED+Domain Users) groups=10000(LIGHTSPEED+Domain Users),10001,10002,10003(LIGHTSPEED+Domain Admins)
[EMAIL PROTECTED] jlally $


If you need any further information, please let me know ...

-e
