Hello,
I'm trying to use winbind to allow my AD users to log on to our Linux computers.
I'm using FC6 and Samba 3.0.23c-2.
I have several problems:
1. When I start the Linux machine and, immediately after logging in, try to check the trust secret by running wbinfo -t,
I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
could not check secret
When I try to run wbinfo -t after a short while it returns:
checking the trust secret via RPC calls succeeded.
Is this normal behaviour?
2. Winbind does not maintain mappings between UIDs, GIDs and SIDs.
Winbindd and smbd are running, but when I run getent passwd I receive a list of
local Linux users. And I'm not able to log in to my Linux machine until I manually
add information about the user in /etc/passwd. But this is unacceptable for me because I have
600+ users in my domain. Is there a way to make winbind automatically update user mappings?
3. When I manually add information about a user into passwd I'm able to log in, but
after entering the username I have to enter my password twice. Where can the problem be?
My configuration files:
My smb.conf:
[global]
workgroup = MYDOMAIN.COM
server string = Samba Server
security = domain
winbind separator = \
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%U
template shell = /bin/bash
winbind use default domain = true
winbind cache time = 10
encrypt passwords = yes
winbind trusted domains only = yes
obey pam restrictions = yes
password server = server.mydomain.com
[homes]
comment = Home Directories
browseable = no
writable = yes
My nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files
services: files winbind
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases: files nisplus
My pam.d configuration:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account sufficient pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
Thanks for any help.
Jiri
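
An added example, not part of the post above and not Samba's own tooling: a small check that parses the posted smb.conf and PAM auth lines and flags two settings whose documented behaviour lines up with problems 2 and 3. With `winbind trusted domains only = yes`, winbind maps users of the machine's own domain onto existing UNIX accounts instead of allocating IDs from the idmap ranges, and `pam_winbind.so` without `use_first_pass` or `try_first_pass` asks for the password again. The finding names and the two-rule scope are assumptions of this sketch.

```python
import re

# Constructed input: excerpts of the smb.conf and PAM auth lines quoted in the post.
SMB_CONF = """[global]
workgroup = MYDOMAIN.COM
security = domain
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind trusted domains only = yes
"""
PAM_AUTH = """auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so
auth required pam_deny.so
"""

def parse_global(text):
    """Return smb.conf [global] parameters; keys lowercased, inner spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(smb_conf, pam_auth):
    """Return finding ids (hypothetical names) for the two settings described above."""
    findings, params = [], parse_global(smb_conf)
    if params.get("winbind trusted domains only", "no").lower() in ("yes", "true", "1"):
        # Own-domain users are then mapped to existing UNIX accounts, not idmap ranges.
        findings.append("local-accounts-required")
    earlier_prompt = False
    for line in pam_auth.splitlines():
        tokens = line.split()
        module = next((t for t in tokens if t.endswith(".so")), None)
        if not tokens or tokens[0] != "auth" or module is None:
            continue
        args = tokens[tokens.index(module) + 1:]
        if module == "pam_winbind.so" and earlier_prompt and not (
                {"use_first_pass", "try_first_pass"} & set(args)):
            findings.append("winbind-prompts-again")  # does not reuse the typed password
        if module in ("pam_unix.so", "pam_winbind.so"):
            earlier_prompt = True
    return findings

if __name__ == "__main__":
    print(audit(SMB_CONF, PAM_AUTH))
```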