Find the answer to your Linux question:
Results 1 to 5 of 5
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    samba login as domain user

    I have a little lab setup consisting of

    1 x samba server
    1 x Windows 2003 domain controller
    1 x XP pro client

    I have winbind configured on the samba server which is connected to the domain successfully and I can use all the winbind commands i.e. wbinfo and getent which return the correct outputs.

    The XP client is also connected to the domain and I would like to setup a share on the samba box and use the winbind users to assign ownership and permissions to the share.
    I can also use the chown command using domain users and this work fine.

    My problem at the moment is that I can't login to the samba sever as a domain users at the moment it just says login failed? i'm sure I should be able to do this what am I missing?

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    North Carolina
    sounds like you need to configure pam for winbind
    lots of goodies here
    pam winbind - Google Search

  3. #3
    I think you maybe right, having a little trouble thinking of what config file I should play around with,

    /etc/pam.d/system-auth (I read somewhere this is generated automatically so might leave that)

    and i'm also interested to know about /etc/pam_smb.conf if anyone knows it's use


  4. $spacer_open
  5. #4
    A cheeky way of doing this is by installing webmin, I was having trouble with users, webmin fixed it for me quickly. But before that You need to make sure that all pam files have been editted to allow it to work.

    on valid users you can add groups or users:

    valid users = steveo, @"support"

    valid users = MAIN+steveo

    These both work, but the second one is for one user only, it will not let you use more then one, if you post your config file I will av a quick peek for ya

  6. #5
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
     default_realm = COMMSULT.ME
     ticket_lifetime = 24h
     forwardable = yes
     COMMSULT.ME = {
      kdc =
      default_domain = COMMSULT
    # pam = {
    #   debug = false
    #   ticket_lifetime = 36000
    #   renew_lifetime = 36000
    #   forwardable = true
    #   krb4_convert = false
    # }
    passwd:     files winbind
    shadow:     files winbind
    group:      files winbind

    security = ads
    	workgroup = COMMSULT
    	server string = Samba Server Version %v
    	netbios name = fedora
            server string = Samba Server Version %v
            realm = COMMSULT.ME
            password server =
            idmap uid = 1000 - 299999
    	idmap gid = 300000 - 600000
            winbind enum users = yes
            winbind enum groups = yes
            winbind separator = +
    	winbind use default domain = yes
    #	winbind refresh ticket = yes
    	winbind offline logon = yes
    	client use spnego = yes
            domain master = no
    	auth methods = winbind
    	wins server =
    	browseable = yes
    	writeable = yes
    	path = /home/humphreyse
    	vaild users = COMMSULT.ME+edward
    	comment = Public Stuff
    	path = /home/public
    	public = yes
    	writable = yes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts