Recent content by ned209

Thats what I thought ... I'm screwed. --ned

You're using security = ADS ? do you see a ticket when you run klist? try this command as well: kinit Administrator@ALL-CAPS-DOMAIN-NAME.TLD it should ask you for admins password. If successful you should see a ticket with the klist command. --ned

did you run the wbinfo --set-auth-user ? did you join the domain like this: net ads join -U Administrator@ALL-CAPITOLS-DOMAIN-THAT-IS-REALLY-YOUR-KERBEROS-REALM.TLD and you saw the message something like this: Joined 'STYX' to realm 'NSI-MAIN.NORTHERN-STEEL.COM' The realm part is important...

I'm not 100% sure but I think the first thing it does is connect with the machine name to the IPC$ share on the samba box and this is failing. What version of kerberos are you running? when you run wbinfo -u do you see the machine entries as well as the users? --ned

Sounds like you've got a problem in your /etc/pam.d/ files. Can you post the contents of the files. I'm running debian, here's what I have but these may not work for you: common-account file: account sufficient pam_winbind.so account sufficient pam_unix.so use_first_pass nullok...

I'm not 100% on this but I think thats because pam is checking pam_winbind.so before the pam_unix.so. Its only a warning though. See if the error msg's line up to root login's that would help narrow it down. hope that helps, --ned

Run some debugging output to give you an idea of where samba is failing. To turn up the output you can run this: smbcontrol smbd debug 2 or you can put a log level = 2 line in the smb.conf and reload the config. Then tail the log, on my deb box the log is /var/log/samba/log.smbd, could be...

Hi Bob, You probably want to look at the browse settings in your smb.conf, sounds like samba is breaking netbios. Do you have a wins server, domain controller, other machines that want to be browse masters? Unless you want samba to be the master, I've found it simpler to just leave samba out...

I'm having trouble getting group permissions to work when I have winbind use default domain = yes, which is fairly necessary for a bunch of applications to work, ie. CVS, mail, some home made web apps. Here's the technical background: Debian Woody Box Samba 3.0.10-1 deb package Win2k AD...