Hi I have a rhel4 es running on x86_64 with samba-3.0.25b. I am also using winbind.
I have joined my samba box to the AD domain without a problem. I can wbinfo -u, -g, -m, -t successfully. I can getent passwd and group. I can log in as an AD user and change permissions to AD users and groups on files and folders.
My AD domain has a two way trust with my NT4 domain.
I can su to a NT4 user and AD user as root on the samba box.
From the login prompt I can login to an AD user by supplying username and password - the only thing I can not do is login as an NT4 user without su'ing from root. The problem seems to be with authentication.
I joined the domain using 'net ads join'.
my smb.conf
[global]
workgroup = AD
realm = AD.FOOBAR.COM
netbios name = RHELSAMBA
server string = Samba TEST server
interfaces = eth0
security = ads
password server = AD_DC
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 1
log file = /var/log/samba/%m.log
max log size = 0
smb ports = 139
name resolve order = wins bcast hosts
preferred master = No
local master = No
domain master = No
winbind separator = +
dns proxy = No
wins server = X.X.X.X
winbind enum users = yes
winbind enum groups = yes
idmap uid = 10000-65000
idmap gid = 10000-65000
template homedir = /home/WINUsers/%D/%U
template shell = /bin/bash
winbind use default domain = no
When I try to log in as NT4 user the log file states
pam_winbind(su): request failed: Trusted domain failure, PAM error was System error (4), NT error was NT_STATUS_TRUSTED_DOMAIN_FAILURE
We have a load of AD users and a load of NT users and I need to be able to authenticate both lots. Can anyone give me any pointers as to what I am doing wrong?
Many thanks
------------------------------------------
Somethings come from nothing, nothing seems to come from somethings - SFA - Guerilla
roycrom