Hello! Finally!!
After some time messing with samba, winbind and kerberos to login to a windoze 2003 domain, has come to a joyful end!! For those of you trying the same thing, here is what i did to login, from a workstation running NLD9 SP2, to a 2003 server SP1:
1.config smb.conf (see sample)
2.shut down nscd
3.start samba
4.config nsswitch.conf (see sample)
5.set password for wbinfo (wbinfo --set-auth-user=root%'password')
6.validate wbinfo (wbinfo -u)
7.getent passwd
8.go into yast->network services->samba client
9.click browse for the domain. Select domain. Select "enable linux smb authentication"
10.login to domain
SMB.CONF sample:
[global]
workgroup = YOURDOMAIN
realm = YOURDOMAIN.HERE
netbios name = YOURCOMPUTERNAME
security = domain
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
use sendfile = Yes
printer admin = @ntadmin, root, administrator
map to guest = Bad User
winbind separator = +
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
encrypt passwords = yes
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
NSSWITCH.CONF sample:
passwd: files winbind compat
group: files winbind compat
hosts: files dns winbind
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
A few notes: When i selected my domain, i noticed an "E" was appended to the end of the domain name (ie. domaine) but people can login.
I am NOT using kerberos client, as other sites, places and papers have suggested.
I am NOT running LDAP client, only running samba client and winbind.
I did NOT have to disable any domain "digital signing" polices.
I hope this helps someone!!