I am new to Linux, so I’ve done a lot of learning in trying to figure this out, but I’m still nowhere.
I set up Samba and LDAP client settings via YaST and manually edited nsswitch.conf and the login PAM module, yet I cannot log in to my SUSE machine with my Windows account. I believe I successfully joined the PC to my domain, as I can see the computer account in AD, but I still can’t seem to log on as my AD admin account.
According to the tutorial/tutorials I followed, at the SUSE login prompt I should be able to type mywindowsdomain+mywindowsaccount and log in (winbind separator = +), but I’m getting authentication failures every time.
When I do a “net lookup dc” I get back a list of some of my DCs.
I’m also able to ping the winbind daemon, if that info is helpful.
I also disabled the nscd daemon.
Thanks for any help. Here are the config files:
----smb.conf----
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2009-10-27
[global]
winbind separator = +
winbind cache time = 10
workgroup = mycompNetbiosName
passdb backend = ldapsam:ldap://10.100.100.100
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
domain logons = no
domain master = No
netbios name = SUSE
security = domain
wins support = No
usershare max shares = 100
realm = mycomp.COM
template homedir = /home/%D/%U
winbind refresh tickets = yes
idmap backend = ldap:ldap://10.220.3.98
ldap admin dn = me@mycomp.com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap ssl = Off
ldap suffix = DC=mycomp,DC=com
ldap user suffix = ou=Users
idmap gid = 10000-20000
idmap uid = 10000-20000
password server = *
wins server =
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
## Share disabled by YaST
# [netlogon]
----pam.d/login----
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session required pam_lastlog.so nowtmp
session optional pam_mail.so standard
session optional pam_ck_connector.so