  1. #1

    Samba authentication problem

    I have a samba server setup that is authenticating with a Windows domain. This part of the authentication is working flawlessly and all the domain users can access the shares with no problems. My main problem is that the local accounts that were created on this server can not authenticate with samba. No matter what I try the local users can not login.

    So far I have reset both the local and samba passwords, checked that the local accounts are enabled, and I have made sure that I am trying to mount shares using SERVERNAME\username when it asks for the user.

    Here is my smb.conf file:
    	workgroup = WORKGROUP
    	realm = REALM.COM
    	server string = engineering file server
    	security = ADS
    	obey pam restrictions = Yes
    	password server = XXX.XXX.XXX.XXX
    	unix extensions = No
    	keepalive = 900
    	preferred master = No
    	local master = No
    	domain master = No
    	wins server = XXX.XXX.XXX.XXX
    	ldap ssl = no
    	idmap uid = 10000-20000
    	idmap gid = 10000-20000
    	template primary group = users
    	template homedir = /home/shares/bu_onen1/bu/users8/%U
    	template shell = /bin/bash
    	winbind separator = +
    	winbind cache time = 900
    	winbind enum users = No
    	winbind enum groups = No
    	winbind use default domain = Yes
    	path = /home/shares/bu_onen1
    	read only = No
    	vfs object = recycle
    		recycle:keeptree = Yes
    		recycle:repository = .undelete/%U
    		recycle:exclude = ~$*.doc *.lnk *.tmp *.temp
    	comment = Home directory for %U
    	valid users = %S, %D+%S
    	read only = No
    	browseable = No
    	path = /home/shares/bu_onen1/ptc
    	path = /home/shares/bu_onen1/ptc1
    	path = /home/shares/newprogs
    	read only = No
    	create mask = 0774
    	directory mask = 0775
    	path = /home/shares/public
    	read only = No
    	create mask = 0774
    	directory mask = 0775
    	path = /var/spool/cups-pdf/
    	read only = No
    Here is my /etc/pam.d/samba file:
    auth	   sufficient
    #auth       required
    auth       required service=system-auth  
    account    required service=system-auth
    account	   sufficient
    session    required skel=/etc/skel umask=0022
    session    required service=system-auth
    password   required service=system-auth
    password   sufficient use_authtok
    Here is my /etc/pam.d/system-auth file:

    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/
    auth        sufficient    /lib/security/$ISA/ likeauth nullok
    auth        sufficient    /lib/security/$ISA/ use_first_pass
    auth        sufficient    /lib/security/$ISA/ use_first_pass
    auth        required      /lib/security/$ISA/
    account     required      /lib/security/$ISA/ broken_shadow
    account     sufficient    /lib/security/$ISA/ uid < 100 quiet
    account     sufficient	  /lib/security/$ISA/
    account     sufficient    /lib/security/$ISA/
    account     required      /lib/security/$ISA/
    password    requisite     /lib/security/$ISA/ retry=3
    password    sufficient    /lib/security/$ISA/ nullok use_authtok md5 shadow
    password    sufficient    /lib/security/$ISA/ use_authtok
    password    sufficient    /lib/security/$ISA/ use_authtok
    password    required      /lib/security/$ISA/
    session     required      /lib/security/$ISA/
    session     required      /lib/security/$ISA/
    session     optional      /lib/security/$ISA/
    One other thing I tried that I forgot to mention is that I tried setting the "auth methods" to "guest, sam, winbind" but still had no luck.

  2. #2
    FYI, I can log into SWAT using local user credentials without a problem so I know the passwords are setup correctly.

  3. #3
    Roxoff (Super Moderator)
    Try the following:

    - Make sure your smb server is set to use encrypted passwords
    - Make sure that each user has an account on the Linux machine. If the user names are different, map Windows user name to Linux ones using /etc/samba/smbusers
    - For each user, set their samba password with smbpasswd; set it to be the same as their Windows password.
    - Restart Samba and test.
    Linux user #126863 - see
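
The checklist in post #3, expressed as a check over the [global] section of smb.conf. This is an added example, not part of any post in this thread; the sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample, not the poster's file: a [global] section using the
# security mode from this thread plus settings the checklist above asks about.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = WORKGROUP
    security = ADS
    Encrypt Passwords = No
    auth methods = guest, winbind
[public]
    path = /home/shares/public
"""

def parse_global(text):
    """Collect [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def local_auth_findings(params):
    """Return the checklist items this [global] section fails for local accounts."""
    findings = []
    # Encrypted passwords are the default; only an explicit "no" disables them.
    if params.get("encryptpasswords", "yes").lower() in ("no", "false", "0"):
        findings.append("encrypt passwords is disabled")
    # If auth methods is overridden, local passdb users need a sam module listed.
    methods = [m for m in re.split(r"[,\s]+", params.get("authmethods", "").lower()) if m]
    if methods and not any(m.startswith("sam") for m in methods):
        findings.append("auth methods has no sam entry")
    # Without a username map, no Windows-to-Unix name mapping is applied.
    if "usernamemap" not in params:
        findings.append("no username map configured")
    return findings

if __name__ == "__main__":
    for finding in local_auth_findings(parse_global(SAMPLE_SMB_CONF)):
        print("CHECK:", finding)
```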

  5. #4
    Roxoff...I think you are missing the point here.

    First, I'm authenticating Windows users via Winbind through our domain controller which is working fine. The accounts for the Windows users are virtual accounts that get created on the fly. I'm not concerned with any of this because I'm trying to authenticate a user that was created on the server and not one that was created on the domain. In other words, I'm trying to authenticate a Linux user and not a Windows user.

    Second, I have already reset the Linux users' passwords via smbpasswd and it didn't help. I can still log into the Linux user's account through SWAT without a problem, but I cannot access it from another computer. I have tried everything I know to try (with the domain name specified, without it specified, etc.) and it still will not allow me to login from another machine.

  6. #5
    You're going to have to map the accounts to a Unix UID if you have a Windows DC.
    All i want for christmas is a new liver....a second chance to get afflicted with Cirrhosis

  7. #6
    Maybe this helps:
    I had:
    on Solaris 9. And on the windows box, set the plain text password key value to 1
    [You may save this as a .reg file and import]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanworkstation\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmanworkstation\parameters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]

    Then restart your windows box and try mapping again.
    Do let us know if this helped.

  8. #7
    Did you set up machine accounts on your samba server?

    If you configured samba as a PDC then a requirement is that you include machine trust.

    If that's your configuration.

  9. #8
    Hi maclinwin.
    Was your reply intended for HaMBoNE79 ?
    If not, my Solaris 10 box has local authentication. I do not understand what PDC is but if it refers to Domain Controller; no. My domain controller is different and not configured in the samba installation.

    Parag P. Doke

  10. #9
    My bad.

    PDC= Windows Primary Domain Controller. Samba on Linux is a great PDC alternative to Win servers.

    I need to read the threads closer.
