Web lists-archives.com

Re: [Samba] Windows pre-requisites for login with winbind?




On Tue, 22 Aug 2017 14:35:59 +0000
"A. James Lewis" <james@xxxxxxxxxx> wrote:

> I think we're getting confused with the kerberos issue created by my
> errant DNS server... with the original problem, all the commands I
> have sent showing an issue with kerberos were working originally,
> with the config which explicitly defined "kdc =", and are now working
> again, with your new config, now that I have fixed the DNS... but the
> original problem is that I have a very small number of users which
> don't work.... winbind says that they don't exist, while every other
> user works just fine... 
> 
> Those 3 users that don't work are the most recent 3 to be added, and
> since I don't have control over the AD, I can't say if there's some
> parameter or group they don't have which stops them from working, but
> I don't think it's a co-incidence that they are not "random" users,
> but only "new" users.
> 
> Obviously since they can log in to windows desktops, winbind
> behaviour must be different to Windows... but surely there has to be
> an AD component to this too.
> 
> The common-auth line you have below is precisely what I have.
> 

Well, yes you probably have, that comes from the libpam-winbind
package, you just need the 'glue' that comes from the libpam-krb5
package.

Now that you are using the 'rid' backend, you do not need to add
anything to AD, so your new users should work.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba