Re: Samba, PAM, Authentication off an NT Domain
Il giorno Mon, Dec 09, 2002 at 10:04:20PM -0600, Kent West ha scritto:
I restarted /etc/init.d/samba and /etc/init.d/winbind, and then the
"smbpasswd" command as you gave produced an error to use a different
try: smbpassword -j ACU -U Administrator
See 'net rpc join' for this functionality
I'm thinking Sid's version of Samba is too new, and has introduced some
sort of incompatibility.
So I did "net rpc join -U <DOMAIN_ADMIN>", which produced this:
[2002/12/09 21:56:24, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(303)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2002/12/09 21:56:24, 1] libsmb/trust_passwd.c:just_change_the_password(44)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2002/12/09 21:56:24, 1] utils/net_rpc.c:run_rpc_command(156)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Mmmmm... in win server:
c:> net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
(reboot the server)
Uh-oh. I have a "We'll let him have Domain Admin access as long as he
doesn't make waves" sort of privileged account, and I'm not sure the
real sysadmins would go for this. I'll float it by them though.
I couldn't install it. Some sort of dependency problem. So I just switch
to unstable, not realizing there was such a big difference between
Samba2.2.6 and Sid's samba. I may downgrade and see what happens.
on my pc: (always the same /etc/*)
- woody samba (2.2.3a-6) = error
- woody + samba 2.2.6 = ok
- sarge (unstable) ? (I didn't try it)
The "getent passwd" and "getent group" commands show me username and
group names in the ACU domain. However, when I switch over to a second
virtual terminal and try to log in, I get "Login incorrect". I've tried
logging in as "ACU+snert" (snert is a legitimate user on the ACU
domain), as "snert", and as "westk" (westk is a local account on the
box, and it now fails also, so I better not have a power outage between
now and when I get this fixed - doh!).
you must use "username" and "password" of your domain account.
(and it works!)
I suggest you to use "stable" woody +samba 2.2.6
I don't know anything else... good luck! :)
Thanks very much! At least now I know it CAN work.