I am tring to set my Samba box to autheticate users from my win2k PDC. The problem is that they cant log onto the Linux system and I cant use my NT accounts when setting permissions on files.
I can use wbinfo -a domain+username%password and it says "plaintext password authentication succeeded". I can also use getent -passwd and I get a list of my useres on both the NT side and the Linux side but they dont show up when I use a gui account manager. When I try to put NT users to Linux groups I get "usermod: domain+username not in etc/passwd. Anyone know wht I am doing wrong?


Thank you
Josh

do you have the sames users accounts on the linux box
did create user accounts in the samba server
did you have the statement on smb.conf : domain logons = yes ?

Well Here is my smb.conf I have not made the the accounts on the Linux box. Do I make the same user name ie josh or "Homenet+josh"?

# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2003/01/02 15:02:45

# Global parameters
[global]
workgroup = HOMENET
netbios name = VETTY
server string = Linux server
security = DOMAIN
encrypt passwords = Yes
null passwords = Yes
password server = transam
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = lpstat
domain admin group = Homenet
local master = No
domain master = No
dns proxy = No
wins server = transam
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
printing = cups
add user script = /usr/sbin/useradd %u
force group =somegroup
force user = someuser

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
lpq command = lpstat -o %p
lprm command = cancel %p-%j
browseable = No

[public]
comment = Public Stuff
path = /home/samba/public
write list = homenet+administrator
read only = No
guest ok = Yes
~
~

change this

security = user
just for trouble shooting uncomment null passwords = Yes ( like this # null passwords = Yes)
set local master = yes
domain master = yes
just for trouble shooting uncomment
wins server = transam
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
printing = cups
and add the statement

on global settings

domain logons = yes


after that as root open a shell

and create user on the samba server

here some nice links with grafics on How to:

http://www.troubleshooters.com/linux/samba.htm

and here is the best tutorial on the net

http://www.mandrakeuser.org/docs/con...mba6.html#conf

enjoy

I think you have me wrong I dont want to use samba as the PDC I have a NT PDC.
I want to use My NT accounts to browse shares on the linux box. I tried to use winbind and every thing seems to work. I get use "getent -u or g" and I get all the acounts from my NT domain. My problem is that these users can not open or create dir on the linux machine. I get access denied error when attemting from a windoze machine.
Then I thought I would use pam to authenticate users from the NT Domain. I have looked at about 200 hundred sites that describe how to do this and each of them have diffrent directions. I need to find a site or some one that has done this so I can get some insite on pam_windbind.so and what I need to do to make it work.

so you can see the linux box on the Neighboorhood, if so,
I had the same problem , I couod see the linux box, and on double click I got the access deny and other error messages. my problem was the fire wall, I set up Hign, and I did not make the Nic card a trust device. after resetting the fire wall, I was able to do what I suppost to do.

Hope that helps

I dont hava a firewall in the lab. And yes I can see the the Linux box in Neighboorhood. browse the shares I just can not change the permissions through NT or add or remove files from any win2k computers on the network. is there a log file that writes down the reason for denial? I looked in var/logs but did not see any thing that pointed out a problem. I do thank you, you are the first one in a week to try to help me.

do you whant publish a share (samba share) on a nt box(server)
if so so far is possible using samba 3.x still alpha, I have been tested so far works good, but to publish shares on the a windw$ domain need extra features like a Kerberos server and Ldap server.

so please explain your problem with more detalles

forgot, yes , there is a log file, (need to create the folder first)

according to smb.cong log file = /var/log/samba/log.%m

My main goal is to have Unified Logons between Windows NT and LINUX using Winbind.
Right now my main problem is that I can browse directories but I can not add files or dir in the share. I can view the permissions sent on a dir but I can not modify them.
I have read and set up my pam and smb configuration just like it says in the samba documentaion for " Unified Logons between Windows NT and UNIX using Winbind" bet yet I still can not logon using my NT domain user accounts.