Hello, I am trying to set up a Linux server (Linux 2.4.21-20.ELsmp) to authenticate Windows users on an Active Directory controller. I want to be able to authenticate users for Samba shares and to authenticate telnet ftp, and console logons without creating separate or shared accounts on the linux box. I followed the instructions at http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#winb indcfg Our ADS must be running in legacy mode because I used 'net rpc join' and not 'net ads join' to join the domain. Now I can enumerate the users using winbind -u, but I cannot connect to a Samba share, even if specify everyone can use the share. If I try to connect to the Samba share from my PC using an existing linux user (like root), I get a dialogbox that says "The credentials supplied conflict with an existing set of credentials". I get these messages on the console when I try to connect to the Samba share /export/kickstart: Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver smbd[1859]: [2005/02/25 11:29:16, 0] auth/auth_util.c:make_server_info_info3(1122) Feb 25 11:29:16 myserver smbd[1859]: make_server_info_info3: pdb_init_sam failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver smbd[1859]: [2005/02/25 11:29:16, 0] auth/auth_util.c:make_server_info_info3(1122) Feb 25 11:29:16 myserver smbd[1859]: make_server_info_info3: pdb_init_sam failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:16 myserver winbindd[1833]: [2005/02/25 11:29:16, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:16 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:17 myserver winbindd[1833]: [2005/02/25 11:29:17, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) Feb 25 11:29:17 myserver winbindd[1833]: winbindd_create_user: idmap_allocate_id() failed! Feb 25 11:29:17 myserver smbd[1859]: [2005/02/25 11:29:17, 0] auth/auth_util.c:make_server_info_info3(1122) Feb 25 11:29:17 myserver smbd[1859]: make_server_info_info3: pdb_init_sam failed! Feb 25 11:29:47 myserver winbindd[1833]: [2005/02/25 11:29:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Feb 25 11:29:47 myserver winbindd[1833]: Kinit failed: Malformed representation of principal I am NOT running nscd My /etc/samba/smb.conf - I tried security=DOMAIN and that doesn't work either. [global] server string = ohio edf kickstart server printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = ADS socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 password server = mydomaincontroller guest ok = yes workgroup = mydomain dns proxy = no [homes] comment = Home Directories browseable = no writeable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [kickstart] comment = Red Hat Linux Kickstart Files path = /export/kickstart writeable = yes guest ok = yes My /etc/pam.d/samba: auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth password required pam_stack.so service=system-auth My /etc/pam.d/login: auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so My /etc/pam.d/sshd auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_limits.so session optional pam_console.so My /etc/pam_smb.conf MYDOMAIN mydomaincontroller My /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so My /var/log/samba/smbd.log smbd version 3.0.6-2.3E started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/02/25 08:52:11, 0] smbd/server.c:main(760) smbd version 3.0.6-2.3E started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/02/25 08:52:11, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2005/02/25 11:14:13, 0] smbd/server.c:main(760) smbd version 3.0.6-2.3E started. Copyright Andrew Tridgell and the Samba Team 1992-2004 My /var/log/samba/winbindd.log: [2005/02/25 11:31:12, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) winbindd_create_user: idmap_allocate_id() failed! [2005/02/25 11:31:12, 0] nsswitch/winbindd_acct.c:winbindd_create_user(911) winbindd_create_user: idmap_allocate_id() failed! [2005/02/25 11:34:53, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Kinit failed: Malformed representation of principal [2005/02/25 11:39:53, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Kinit failed: Malformed representation of principal [2005/02/25 11:44:54, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759) Kinit failed: Malformed representation of principal Thanks so much if anyone can help! Chris -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
