Hello all, I have a CentOS 5 server that I've configured as a domain member so that my users can authenticate to the server with their AD credentials. I have run into one small problem: after configuring Samba and winbind, the adduser command is no longer able to add users to the local machine (passwd, shadow, group). I know I could just add all the users to AD; however, this is for an FTP server and I'd rather not add 100 FTP accounts to AD. I'd prefer that the users who need shell access authenticate using AD credentials and that all FTP- and SFTP-only users use local authentication.
Here are the specifics of my environment:
Note: I've obscured some of the values (with XXXXXX) to avoid making too much sensitive information about the environment public knowledge.
uname -a
Linux testlxapp02.XXXXX.com 2.6.18-128.1.10.el5PAE #1 SMP Thu May 7 11:14:31 EDT 2009 i686 i686 i386 GNU/Linux
rpm -qa samba3
samba3-3.2.8-38
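# Print the effective nsswitch sources: one grep drops comment and blank lines
# (replaces the cat plus two grep stages; output is identical)
grep -Ev '^(#|$)' -- /etc/nsswitch.conf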
# Local files are searched before winbind for every identity database, so an
# /etc/passwd, /etc/shadow or /etc/group entry takes precedence over an AD
# object with the same name.
passwd: files winbind
shadow: files winbind
group: files winbind
# NOTE(review): 'wins' resolves host names that DNS cannot via NetBIOS, which is
# broadcast-based and unauthenticated; drop it unless NetBIOS name resolution is
# actually needed on this server.
hosts: files dns wins
# The nisplus sources below look like the CentOS defaults and are presumably
# inert without a NIS+ domain — confirm none is configured.
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
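# Print the effective smb.conf parameters: one grep drops comment and blank
# lines (replaces the cat plus two grep stages; output is identical)
grep -Ev '^(#|$)' -- /etc/samba/smb.conf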
# NOTE(review): pasted with comments and indentation stripped; parameters are
# shown in the order they appear in the file.
[global]
workgroup = austx
# %h expands to the host name, so the NetBIOS name follows the hostname
netbios name = %h
server string = %h (Samba Server Version %v)
# Domain-member mode: authentication is delegated to the AD realm below
security = ads
realm = XXXXXXXXXX
# NOTE(review): pinning a single DC here removes DC failover; in ads mode Samba
# can locate DCs itself (the documented default is '*') — confirm the pin is
# intended.
password server = XXXXXXXXXX
encrypt passwords = yes
server signing = yes
# NOTE(review): only read by the smbpasswd passdb backend; with security = ads
# it appears unused here — verify before relying on it.
smb passwd file = /etc/samba/smbpasswd
allow trusted domains = yes
# The next three parameters let smbd drive /usr/bin/passwd to keep the local
# Unix password in step with a Samba password change; the chat string must
# match this system's passwd prompts exactly or the sync fails.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
# NOTE(review): 'socket options' is set a second time further down; the later
# definition is the effective one — keep a single line.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
obey pam restrictions = yes
# AD SIDs are mapped into this high range, well clear of the local UID/GID
# space, so winbind-allocated ids cannot collide with accounts in /etc/passwd.
# NOTE(review): with the default tdb idmap backend the mapping is local to this
# host and not stable across reinstalls — confirm before sharing files by
# numeric id.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
# NOTE(review): enumeration makes getpwent()/getgrent() walk the whole domain;
# tools that scan the passwd database (useradd does this when choosing a free
# UID) then also see every AD account — worth re-testing adduser with
# enumeration off when diagnosing the failure.
winbind enum users = yes
winbind enum groups = yes
# AD users resolve without the 'austx+' prefix, so a local account and an AD
# account can share a login name; the nsswitch source order (files first)
# decides which one a lookup returns.
winbind use default domain = yes
# Cached credentials allow logons while the DC is unreachable; the cache is
# kept on this host and deserves the same protection as /etc/shadow.
winbind offline logon = yes
# NOTE(review): printer sharing on a file-transfer host widens the exposed
# surface; set 'load printers = no' if this machine has no printers.
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
# 0 = no size limit on the per-client log files
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Stay out of browser elections — this is a member server, not a DC
local master = no
domain master = no
preferred master = no
dns proxy = no
# Home directory and shell assigned to AD users that carry no Unix attributes
template homedir = /home/%U
template shell = /bin/bash
time server = yes
# Nested group membership is expanded up to five levels deep
winbind expand groups = 5
cat /etc/pam.d/system-auth-ac
# NOTE(review): system-auth-ac is written by authconfig; hand edits are lost on
# its next run, so durable changes belong in authconfig's options.
auth required pam_env.so
# NOTE(review): 'nullok' lets an account with an empty password field log in;
# on a host with locally managed FTP/SFTP accounts consider dropping it here
# and on the pam_unix password line below.
auth sufficient pam_unix.so nullok try_first_pass
# Kerberos against the realm first, then winbind, each reusing the password
# already entered.
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
# Reached only when none of the three modules above succeeded; the result is a
# denial either way, this line just ends the stack early for uid < 500.
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
# System accounts pass; every other user (local or AD, uid >= 500) must be a
# member of dl_testlxapp02_users — local FTP accounts created later need adding
# to that group or their account check fails.
account sufficient pam_succeed_if.so uid < 500 quiet
account requisite pam_succeed_if.so user ingroup dl_testlxapp02_users
account sufficient pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# NOTE(review): no pam_winbind in this stack, so a PAM password change is only
# attempted against local /etc/shadow — AD users must change passwords elsewhere.
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
# success=1 skips the next line (pam_mkhomedir) for cron sessions
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
# NOTE(review): 'skel=etc/skel/' is a relative path — presumably /etc/skel/ was
# intended, and because the module is 'optional' a failure here is silent.
# umask=0022 creates world-readable home directories; on a shared FTP host a
# tighter value (e.g. 0077) is worth considering.
session optional pam_mkhomedir.so skel=etc/skel/ umask=0022
session required pam_unix.so
Any help would be appreciated.