I had this issue and learned that it was a misunderstanding of mine that once i added the samba server to the domain and enabled winbind that it would authenticate all my ADS users without intervention. However, upon further investication I found that only users that had an account with the same name on the samba server would be authenticated to the share. To make a long story short, you need to do so more configuration with winbind allowing it to do the following, get domain user information, communicate with PDC for authentication and use PAM for something or the other.
Just look up the winbind section in the samba reference guide and you will see what I'm speaking of. Good luck ----- Original Message ----- From: "Michael Wray" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, March 09, 2005 4:04 PM Subject: Re: [Samba] ADS question > On Wednesday 09 March 2005 8:56 am, Marcus Franke wrote: > > Hi, > > > > > [public] > > > comment = Backup Verzeichnis > > > path = /mnt/backup > > > admin users = DOMAIN+Administrator, root > > > valid users = DOMAIN+Administrator, root > > > > > > The administrator of my Windows domain now should be able > > > to access the "public" share. But when I try to access the > > > box I am asked for a username and a password. > > > > > > I found, that getent passwd and group does not list the > > > domain users and groups, just my local users and groups > > > > > > >from /etc/passwd and /etc/groups. > > > > After some more searching, I tuned the loglevel up to 10 and > > found these entries in winbindd.log: > > > > [2005/03/09 15:37:00, 0] > > libsmb/cliconnect.c:cli_session_setup_spnego(764) > > Kinit failed: Preauthentication failed > > [2005/03/09 15:38:12, 1] > > nsswitch/winbindd_group.c:winbindd_getgroups(1032) > > user 'marcus' does not exist > > [2005/03/09 15:38:28, 1] > > nsswitch/winbindd_group.c:winbindd_getgroups(1032) > > user 'root' does not exist > > [2005/03/09 15:40:00, 1] > > nsswitch/winbindd_group.c:winbindd_getgroups(1032) > > user 'root' does not exist > > [2005/03/09 15:42:00, 0] > > libsmb/cliconnect.c:cli_session_setup_spnego(764) > > Kinit failed: Preauthentication failed > > > > kinit failed? > > > > I can use wbinfo -[sgu] even from the local user "marcus" > > and get positive info from it, why not when invoked from > > the server? > > > > I can mail the smbd log for the machine I am trying to connect > > to the server. But the output is huge (41k) and I would not > > like to post it directly to the list :) > > > > Any suggestions? I would be happy for every hint. > > > > > > Marcus > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
