Walter Huf wrote:
> I changed those lines, and nothing seemed to change.
> However, I remembered more information that I could include.
> getent passwd does not list domain users, only local users.
>
> Sample lines from /var/log/samba/log.winbindd:
> [2008/02/22 14:13:21, 1] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(613)
> Could not get unix ID
> [2008/02/22 14:13:21, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(85)
> error getting user id for sid S-1-5-21-2143970516-726479814-926709054-1840
> [2008/02/22 14:13:21, 1] nsswitch/winbindd_user.c:winbindd_getpwent(728)
> could not lookup domain user otherusername
>
> Does this help at all?
> Has anybody gotten Winbind 3.0.26a to authenticate successfully with Active
> Directory?

I can't specifically say 3.0.26a. But I've been doing it since 3.0.6 or something. Like you I use sfu and the backend is ad. Used to have to merge the padl idmap_ad module patches to the source.

I used to run redhat, then fedora, now opensuse. Each has their own technique for setting up pam. Here's the opensuse version for login and su and sshd. Each service includes a set of common configurations and maybe some unique to the individual service.

I've found using the distro supplied software for configuring system auth to be the easiest way to get a baseline. In opensuse it's pam-config. In fedora it was system-config-authentication.

Anytime I mess with the auth methods, I stop nscd from running during the tests.

pam.d/login
#%PAM-1.0
auth     requisite  pam_nologin.so
auth     [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
auth     include    common-auth
account  include    common-account
password include    common-password
session  required   pam_loginuid.so
session  include    common-session
session  required   pam_lastlog.so nowtmp
session  required   pam_resmgr.so
session  optional   pam_mail.so standard
session  optional   pam_ck_connector.so

pam.d/su
#%PAM-1.0
auth     sufficient pam_rootok.so
auth     include    common-auth
account  include    common-account
password include    common-password
session  include    common-session
session  optional   pam_xauth.so

pam.d/sshd
#%PAM-1.0
auth     requisite  pam_nologin.so
auth     include    common-auth
account  include    common-account
password include    common-password
session  required   pam_loginuid.so
session  include    common-session

pam.d/common-auth
auth     required   pam_env.so
auth     sufficient pam_unix2.so
auth     sufficient pam_ldap.so use_first_pass
auth     required   pam_winbind.so use_first_pass

pam.d/common-account
account  requisite  pam_unix2.so
account  sufficient pam_localuser.so
account  sufficient pam_ldap.so use_first_pass
account  required   pam_winbind.so use_first_pass

pam.d/common-password
password sufficient pam_winbind.so
password requisite  pam_pwcheck.so nullok cracklib remember=
password sufficient pam_unix2.so use_authtok nullok
password required   pam_ldap.so try_first_pass use_authtok

pam.d/common-session
session  optional   pam_mkhomedir.so
session  required   pam_limits.so
session  required   pam_unix2.so
session  optional   pam_ldap.so
session  required   pam_winbind.so
session  optional   pam_umask.so umask=002

gate:~ # ssh [EMAIL PROTECTED]
Password:
Last login: Tue Feb 19 23:14:46 2008 from console
Have a lot of fun...
[EMAIL PROTECTED]:~> logout

Regards,
Doug
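
Added example, not part of the message above and not Samba or PAM code: a simplified Python model of how the pam.d/common-auth stack shown above is walked, to make the effect of the sufficient/required ordering visible. It assumes only the required, requisite, sufficient and optional keywords; the function names and the module outcomes passed in are constructed for illustration.

```python
# Simplified model of Linux-PAM control keywords for the common-auth stack above.
# Bracketed controls and "include" are not modelled; outcomes are constructed inputs.

COMMON_AUTH = """\
auth required   pam_env.so
auth sufficient pam_unix2.so
auth sufficient pam_ldap.so use_first_pass
auth required   pam_winbind.so use_first_pass
"""

def parse_stack(text):
    """Return [(control, module, args)] for each non-comment line."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        _type, control, module, *args = line.split()
        stack.append((control, module, args))
    return stack

def evaluate(stack, outcomes):
    """outcomes: module name -> True (success) or False; missing means False.
    Returns (authenticated, modules consulted in order)."""
    failed = False      # a required module has failed
    succeeded = False   # a required/requisite module has succeeded
    consulted = []
    for control, module, _args in stack:
        ok = outcomes.get(module, False)
        consulted.append(module)
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            elif control == "requisite":
                return False, consulted      # fail immediately
            else:
                failed = True                # fail, but keep walking the stack
        elif control == "sufficient" and ok and not failed:
            return True, consulted           # short-circuit success
        # a failed "sufficient" and any "optional" result are ignored here
    return succeeded and not failed, consulted

if __name__ == "__main__":
    stack = parse_stack(COMMON_AUTH)
    for name, winbind_ok in (("domain user", True), ("winbind lookup fails", False)):
        print(name, evaluate(stack, {"pam_env.so": True, "pam_winbind.so": winbind_ok}))
```

In this model a local account accepted by pam_unix2.so returns success at the second line, so pam_winbind.so is only consulted for users that the local and LDAP modules reject.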
