http://bugzilla.novell.com/show_bug.cgi?id=567525

http://bugzilla.novell.com/show_bug.cgi?id=567525#c0

Summary: winbind broken with AD/DSFW Domain Authentication
Classification: openSUSE
Product: openSUSE 11.2
Version: Final
Platform: i586
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Samba
AssignedTo: samba-maintainers@SuSE.de
ReportedBy: cpedersen@novell.com
QAContact: samba-maintainers@SuSE.de
Found By: Customer
Blocker: ---

Setting up winbind to do authentication against an AD or DSFW domain does not work.

To duplicate:
- set up Kerberos to use the realm from the domain (verify with 'kinit <user>@realm')
- use 'Windows Domain Membership' to insert the computer into the domain
- verify that the computer is in cn=Computers,dc=domain
- verify that users are found (getent passwd)
- if not found, add in [global] to smb.conf:
    winbind enum users = yes
    winbind enum groups = yes
- restart winbind or reboot the computer

Now when one tries to log in with DOMAIN\\user one gets:

    Your password has expired
    Changing password for DOMAIN\test
    (current) NT password:

And in /var/log/messages:

    Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:auth): user 'DOMAIN\test' granted access
    Dec 29 12:27:34 opensuse sshd[5806]: pam_krb5[5806]: account checks fail for 'SITE\test': user is unknown or account expired (ignoring)
    Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:account): pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set
    Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:account): user 'SITE\test' needs new password
    Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:chauthtok): getting password (0x000001a0)

The password is not expired.
This works if one is using SLED10SP2 which is shipping with a different version of winbind (samba-winbind-3.2.7-11.6) vs OpenSuSE 11.2 (samba-winbind-3.4.2-1.1.3.1.i586)
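
Added example, not part of the original report or of Samba: a triage helper that scans syslog text for the symptom shown in the report, where pam_winbind grants access in the auth phase and then sets PAM_WINBIND_NEW_AUTHTOK_REQD in the account phase of the same process. The function name, the sample data and the pid 5900 session are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the /var/log/messages excerpt in the report,
# plus one constructed session (pid 5900) that logs in without a forced change.
SAMPLE_LOG = r"""
Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:auth): user 'DOMAIN\test' granted access
Dec 29 12:27:34 opensuse sshd[5806]: pam_krb5[5806]: account checks fail for 'SITE\test': user is unknown or account expired (ignoring)
Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:account): pam_sm_acct_mgmt success but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:account): user 'SITE\test' needs new password
Dec 29 12:27:34 opensuse sshd[5806]: pam_winbind(sshd:chauthtok): getting password (0x000001a0)
Dec 29 12:31:02 opensuse sshd[5900]: pam_winbind(sshd:auth): user 'DOMAIN\alice' granted access
Dec 29 12:31:02 opensuse sshd[5900]: pam_winbind(sshd:account): user 'DOMAIN\alice' granted access
"""

# syslog prefix, then the pam_winbind(service:phase) tag and its message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s"
    r"pam_winbind\((?P<svc>[^:)]+):(?P<phase>\w+)\):\s(?P<msg>.*)$"
)
USER = re.compile(r"user '([^']+)'")

def forced_password_changes(log_text):
    """Return sessions where pam_winbind granted auth and then demanded a new password."""
    sessions = defaultdict(lambda: {"auth_user": None, "reqd": False, "chauthtok": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # other modules (e.g. pam_krb5) and blank lines are skipped
        s = sessions[(m["host"], m["proc"], int(m["pid"]))]
        phase, msg = m["phase"], m["msg"]
        user = USER.search(msg)
        if phase == "auth" and user and "granted access" in msg:
            s["auth_user"] = user.group(1)
        elif phase == "account" and ("PAM_WINBIND_NEW_AUTHTOK_REQD" in msg or "needs new password" in msg):
            s["reqd"] = True
        elif phase == "chauthtok":
            s["chauthtok"] = True  # the password-change prompt was actually reached
    return [
        {"host": h, "proc": p, "pid": pid, **s}
        for (h, p, pid), s in sessions.items()
        if s["auth_user"] and s["reqd"]
    ]

if __name__ == "__main__":
    for hit in forced_password_changes(SAMPLE_LOG):
        print(hit)
```

Sessions it reports still need to be compared against the account's real expiry state on the domain controller; the log alone cannot tell a genuine expiry from the behaviour described in this bug.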