I have set up a Fedora Core 2 box as a WinNT PDC using Samba 3.0.14a. The setup seems to work fine for Windoze machines, as I have managed to add my WinXP computer to the domain with relatively few problems. However, despite a huge amount of effort I can't get my other Fedora 2 box to log onto the server using winbind. I successfully joined it to the domain, but it will only allow the domain's root user to log on over the network. No other domain users are authenticated, and Fedora tells me that an incorrect username/password was entered when I try logging on as a domain user other than root.
Samba seems to be working fine on both PCs and I can use the wbinfo command to get various details such as domain users and groups.
My smb.conf file on the samba client is:
----
[global]
workgroup = NETWORK
server string = Samba %v Server (Fedora Core 2)
security = domain
encrypt passwords = true
password server = *
printcap name = /etc/printcap
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
os level = 18
local master = no
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Winbind Settings
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
winbind separator = /
winbind use default domain = no
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
[homes]
comment = Home Directories
browseable = no
writeable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
printable = yes
----
The pam.d login file is:
----
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
#auth sufficient pam_winbind.so
#auth sufficient pam_unix.so use_first_pass
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_selinux.so multiple
session required pam_stack.so service=system-auth
session optional pam_console.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
----
And pam.d system-auth:
----
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
----
Anyone got any ideas? This is really bugging me. I've checked and double checked everything, but knowing me I've made some glaringly obvious stupid mistake somewhere...
Thanks in advance