[Samba] wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")
in [Samba]
|
Prev: Encryption
Next: wbinfo messed up (was Re: Anyone try 'ssh server" and get "Password for DOMAIN\USER:>>")
From: Linda W on 25 Jun 2010 16:00 Gaiseric Vandal wrote: > IS the Samba server the PDC? Do you have local unix accounts on it? (yes, yes).. > I might be wrong but couldn't you modify /etc/nsswitch.conf to use > > passwd: files winbind > group: files winbind > > instead? ----------- I tried this -- but then I couldn't log in at all! I'm thinking my winbind is screwy -- that may be all or part of the problem. Symptoms: > wbinfo -u shows: lindaw (my user name) wbinfo -n lindaw returns: (expected) S-1-5-21-33333-77777-33333-80026 SID_USER (1) BUT: wbinfo -i lindaw" says: "Could not get info for user lindaw" wbinfo --own-domain returns: "BLISS" wbinfo --ping-dc returns: "checking the NETLOGON dc connection succeeded" BUT: wbinfo --dsgetdcname=BLISS returns: "Could not find dc for BLISS" wbinfo -m BUILTIN BLISS wbinfo -m wbinfo --sid-aliases=S-1-5-21-33333-77777-33333-80026 80026 wbinfo --user-sids=S-1-5-21-33333-77777-33333-80026 Could not get group SIDs for user SID S-1-5-21-33333-77777-33333-80026 --- So It has partial information, but can't give info on me, can't verify passwords, can't give groups, but maps user id's... It DOESN'T show the same groups as "net rpc groups list" -- it shows a *fraction* of what the net command shows - net rpc groups list shows 20 groups, wbinfo -g shows 8. Should these be close? or the same? How can they be out of sync and if they should be the same, how do I resync them? Net groups shows the correct listing. > > On 06/25/2010 01:12 AM, L. A. Walsh wrote: >> I'm trying to use 'ssh' as a domain user from a workstation into my >> server. >> >> When I ssh as a non-domain user, it doesn't tack on a domain (or >> workstation) >> name, so it just works, but when I log in from from my Samba domain, >> it tacks it on (and the linux security stuff doesn't like "domain\" >> either. >> >> Should the pam_winbind module be able to authenticate this type of >> user name against the domain? >> >> If not, is there a module that does? >> >> thanks, >> linda >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |