Local accounts don't work after Samba server join to Active Domain. - SMB

This is a discussion on Local accounts don't work after Samba server join to Active Domain. - SMB ; Before Samba server join to Windows 2000 Active Domain, local accounts can login samba server, but when Samba server join to Windows 2000 Active Domain, they don't work, you have only use user accounts from Active Domain to login samba ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Local accounts don't work after Samba server join to Active Domain.

  1. Local accounts don't work after Samba server join to Active Domain.

    Before Samba server join to Windows 2000 Active Domain, local accounts
    can login samba server, but when Samba server join to Windows 2000
    Active Domain, they don't work, you have only use user accounts from
    Active Domain to login samba server. Is it a samba bug ? ( I use samba
    with version 3.0.7, the latest version. )

    It seems either local accounts or domain user accounts can login Samba
    server at the same time. Are some steps or settings forgot by me ?

    Thanks,
    Johnson Cheng

  2. Re: Local accounts don't work after Samba server join to Active Domain.


    "JohnsonCheng@iei.com.tw" wrote in message
    news:1e12973f.0410010401.389ff33@posting.google.co m...
    > Before Samba server join to Windows 2000 Active Domain, local accounts
    > can login samba server, but when Samba server join to Windows 2000
    > Active Domain, they don't work, you have only use user accounts from
    > Active Domain to login samba server. Is it a samba bug ? ( I use samba
    > with version 3.0.7, the latest version. )
    >


    I think that is by design. The logon authentication now happens on a DC of
    the AD. The smbpasswd is no longer used. The AD accounts still have to map
    to Linux accounts unless you're using winbind to authenticate on the Linux
    system.

    > It seems either local accounts or domain user accounts can login Samba
    > server at the same time. Are some steps or settings forgot by me ?
    >
    > Thanks,
    > Johnson Cheng




  3. Re: Local accounts don't work after Samba server join to Active Domain.

    I tried to use winbind to authenticate on the Linux system, but the
    local accounts doesn't login samba server, too.
    The following is my configuration abount winbind:

    /etc/nsswitch.conf
    passwd: files winbind
    shadow: files nisplus
    group: files winbind

    /etc/pam.d/samba
    auth required pam_nologin.so
    auth required pam_stack.so service=system-auth
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth
    password required pam_stack.so service=system-auth

    /etc.pam.d/system-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_unix.so likeauth nullok
    auth sufficient /lib/security/pam_winbind.so use_first_pass
    auth required /lib/security/pam_deny.so

    account required /lib/security/pam_unix.so
    account sufficient /lib/security/pam_winbind.so use_first_pass

    password required /lib/security/pam_cracklib.so retry=3 type=
    password sufficient /lib/security/pam_unix.so nullok use_authtok
    md5 shadow
    password sufficient /lib/security/pam_winbind.so use_first_pass
    password required /lib/security/pam_deny.so

    session required /lib/security/pam_limits.so
    session sufficient /lib/security/pam_unix.so
    session sufficient /lib/security/pam_winbind.so use_first_pass


    Is something wrong ??

    Thanks,
    Johnson Cheng


    "m.marien" wrote in message news:<10lqsed8jim900d@corp.supernews.com>...
    > "JohnsonCheng@iei.com.tw" wrote in message
    > news:1e12973f.0410010401.389ff33@posting.google.co m...
    > > Before Samba server join to Windows 2000 Active Domain, local accounts
    > > can login samba server, but when Samba server join to Windows 2000
    > > Active Domain, they don't work, you have only use user accounts from
    > > Active Domain to login samba server. Is it a samba bug ? ( I use samba
    > > with version 3.0.7, the latest version. )
    > >

    >
    > I think that is by design. The logon authentication now happens on a DC of
    > the AD. The smbpasswd is no longer used. The AD accounts still have to map
    > to Linux accounts unless you're using winbind to authenticate on the Linux
    > system.
    >
    > > It seems either local accounts or domain user accounts can login Samba
    > > server at the same time. Are some steps or settings forgot by me ?
    > >
    > > Thanks,
    > > Johnson Cheng


+ Reply to Thread