samba login as domain user

[aueddonline]

I have a little lab setup consisting of

1 x samba server
1 x Windows 2003 domain controller
1 x XP pro client


I have winbind configured on the samba server which is connected to the domain successfully and I can use all the winbind commands i.e. wbinfo and getent which return the correct outputs.

The XP client is also connected to the domain and I would like to setup a share on the samba box and use the winbind users to assign ownership and permissions to the share.
I can also use the chown command using domain users and this work fine.

My problem at the moment is that I can't login to the samba sever as a domain users at the moment it just says login failed? i'm sure I should be able to do this what am I missing?

[jledhead]

sounds like you need to configure pam for winbind
lots of goodies here
pam winbind - Google Search

[aueddonline]

I think you maybe right, having a little trouble thinking of what config file I should play around with,

/etc/pam.d/samba
/etc/pam.d/login
/etc/pam.d/system-auth (I read somewhere this is generated automatically so might leave that)

and i'm also interested to know about /etc/pam_smb.conf if anyone knows it's use

?

[st-evo]

A cheeky way of doing this is by installing webmin, I was having trouble with users, webmin fixed it for me quickly. But before that You need to make sure that all pam files have been editted to allow it to work.

on valid users you can add groups or users:

valid users = steveo, @"support"

valid users = MAIN+steveo

These both work, but the second one is for one user only, it will not let you use more then one, if you post your config file I will av a quick peek for ya

[aueddonline]

Code:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = COMMSULT.ME
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 COMMSULT.ME = {
  kdc = commsult-dc.commsult.me:88
  default_domain = COMMSULT
 }

#[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

#[appdefaults]
# pam = {
#   debug = false
#   ticket_lifetime = 36000
#   renew_lifetime = 36000
#   forwardable = true
#   krb4_convert = false
# }

Code:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Code:

security = ads
	workgroup = COMMSULT
	server string = Samba Server Version %v
	netbios name = fedora
        server string = Samba Server Version %v
        realm = COMMSULT.ME
        password server = commsult-dc.commsult.me
        idmap uid = 1000 - 299999
	idmap gid = 300000 - 600000
        winbind enum users = yes
        winbind enum groups = yes
        winbind separator = +
	winbind use default domain = yes
#	winbind refresh ticket = yes
	winbind offline logon = yes
	client use spnego = yes
        domain master = no
	auth methods = winbind
	wins server = 192.168.100.1

[edward]
	browseable = yes
	writeable = yes
	path = /home/humphreyse
	vaild users = COMMSULT.ME+edward

[public]
	comment = Public Stuff
	path = /home/public
	public = yes
	writable = yes