Thanks Rex, that was helpful. However, I have now run into something else. From the smb.conf documentation:

obey pam restrictions (G)

    <snip>
Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption.



So, if I have to use encrypted passwords, and I can't use nsswitch (apparently not working in FreeBSD 4.x), and PAM is ignored... am I out of luck?

Say it ain't so.

Oliver


Rex Dieter wrote:
Oliver Neubauer wrote:

I'm trying to set up samba using ADS for authentication.

I can successfully join the samba machine to the domain. Windows hosts can "see" the samba machine.

After successfully joining, doing:
# wbinfo -u
shows me ADS-defined users. Same goes for groups.

However, when I try and assign one of those users ownership of a file, I get:

# chown user1 /tmp/test
chown: test1: illegal user name
even though that user is a valid AD user.


You need to configure pam to use nss_winbind, see
http://us1.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634773
for example, my /etc/pam.d/system-auth contains references to pam_winbind:

auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
...
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so
...
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok


--
Oliver Neubauer
System Administrator

Netfirms Inc.
5160 Yonge St.
Toronto, ON, CA
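
An added example, not part of the thread and not Samba's own tooling: `chown` looks names up through NSS, so this sketch checks whether the `passwd` and `group` lines of an nsswitch.conf list `winbind`. The helper names and both sample files are constructed, and it assumes a platform whose libc reads nsswitch.conf.

```shell
#!/bin/sh
# Added example, not from the thread; helper names are hypothetical.
# chown resolves names through NSS (getpwnam), while wbinfo asks winbindd
# directly, so wbinfo -u can list AD users that chown still rejects.

# nss_has_winbind FILE DATABASE
# exit 0: DATABASE lists winbind; 1: line present without winbind; 2: no line.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }      # drop comments, allow "db:src"
        $1 == db ":" {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == "winbind") hit = 1
        }
        END { exit (hit ? 0 : (seen ? 1 : 2)) }
    ' "$1"
}

# Constructed sample files: one without winbind, one with winbind added.
write_samples() {
    cat > "$1/nsswitch.stock" <<'EOF'
# constructed sample
passwd: files
group:  files
EOF
    cat > "$1/nsswitch.winbind" <<'EOF'
passwd: files winbind   # AD users via winbindd
group:  files winbind
EOF
}

# Print one line per database; return non-zero if either lacks winbind.
report() {
    rc=0
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "$1: $db -> winbind consulted"
        else
            echo "$1: $db -> winbind NOT consulted (AD names will not resolve)"
            rc=1
        fi
    done
    return $rc
}

tmp=$(mktemp -d) && write_samples "$tmp"
report "$tmp/nsswitch.stock" || true
report "$tmp/nsswitch.winbind"
```

On a live host, point `report` at the real nsswitch.conf and confirm the result with `getent passwd` for one of the names `wbinfo -u` prints.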