Problem with pam_winbind


Problem with pam_winbind

by Alex Samad

Hi

my setup debian amd64 with
ii  samba                                       2:3.4.2-1
SMB/CIFS file, print, and login server for Unix
ii  samba-common                                2:3.4.2-1
common files used by both the Samba server and
ii  samba-common-bin                            2:3.4.2-1
common files used by both the Samba server and
ii  samba-doc                                   2:3.2.5-4lenny7
Samba documentation
ii  samba-tools                                 2:3.4.2-1
Samba testing utilities

installed.

I have a working connection config, I can

net ads testjoin - result okay
and wbinfo -u & wbinfo -g work

wbinfo -a test%password
wbinfo -K test%password

work.

I have /etc/pam.d/imap-test setup to look like
auth    required  pam_winbind.so
auth    required  pam_deny.so
account    required pam_winbind.so
account    required pam_deny.so

when i try testsaslauthd -u test -p password -s imap-test
I get
0: NO "authentication failed"

if I change imap-test config file to remove pam_winbind and use shadow
and then retest with a shadow userid/password it works.

I have tried setting debug for pam_winbind but I don't see anything

Thanks
Alex



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
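
How a stack shaped like the /etc/pam.d/imap-test file posted above is evaluated, using a simplified model of Linux-PAM's control flags: a `required pam_deny.so` line fails the stack whatever pam_winbind returns, while the `sufficient` form lets a pam_winbind success through. This is an added example, not part of the original message. Assumptions: module outcomes are supplied by hand, `SUFFICIENT` is a constructed comparison file, and only the four keyword controls are modelled.

```python
"""Simplified model of Linux-PAM control-flag evaluation for one service file."""

# The service file from the post (/etc/pam.d/imap-test), copied verbatim.
POSTED = """\
auth    required  pam_winbind.so
auth    required  pam_deny.so
account    required pam_winbind.so
account    required pam_deny.so
"""

# Constructed variant for comparison: pam_winbind is "sufficient", so a
# success ends the stack before the pam_deny.so backstop is reached.
SUFFICIENT = """\
auth    sufficient  pam_winbind.so
auth    required    pam_deny.so
account sufficient  pam_winbind.so
account required    pam_deny.so
"""


def parse(text):
    """Return {type: [(control, module), ...]} for a pam.d service file."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mtype, control, module = line.split()[:3]
        stacks.setdefault(mtype, []).append((control, module))
    return stacks


def evaluate(stack, outcomes):
    """Evaluate one stack. outcomes maps module name -> True (success) / False.

    pam_deny.so always fails and pam_permit.so always succeeds; only the four
    keyword controls are modelled, not the [value=action] syntax.
    """
    fixed = {"pam_deny.so": False, "pam_permit.so": True}
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = fixed.get(module, outcomes.get(module, False))
        if control == "requisite":
            if not ok:
                return False            # fail immediately
            any_success = True
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True  # remembered, rest of stack still runs
        elif control == "sufficient":
            if ok and not required_failed:
                return True             # success ends the stack here
        elif control == "optional":
            pass  # only decisive when it is the sole module; ignored here
        else:
            raise ValueError(f"unsupported control: {control}")
    return any_success and not required_failed


def service_result(text, outcomes):
    """Result of the auth and account stacks; a login needs both to pass."""
    stacks = parse(text)
    return {t: evaluate(stacks.get(t, []), outcomes) for t in ("auth", "account")}


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("sufficient", SUFFICIENT)):
        for winbind_ok in (True, False):
            res = service_result(conf, {"pam_winbind.so": winbind_ok})
            print(f"{name:10} pam_winbind ok={winbind_ok!s:5} -> {res}")
```
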


Re: Problem with pam_winbind

by Robert LeBlanc

Does this bug describe what you are seeing?
https://bugzilla.samba.org/show_bug.cgi?id=6833

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University


On Sun, Nov 1, 2009 at 9:01 PM, Alex Samad <alex@...> wrote:

> Hi
>
> my setup debian amd64 with
> ii  samba                                       2:3.4.2-1
> SMB/CIFS file, print, and login server for Unix
> ii  samba-common                                2:3.4.2-1
> common files used by both the Samba server and
> ii  samba-common-bin                            2:3.4.2-1
> common files used by both the Samba server and
> ii  samba-doc                                   2:3.2.5-4lenny7
> Samba documentation
> ii  samba-tools                                 2:3.4.2-1
> Samba testing utilities
>
> installed.
>
> I have a working connection config, I can
>
> net ads testjoin - result okay
> and wbinfo -u & wbinfo -g work
>
> wbinfo -a test%password
> wbinfo -K test%password
>
> work.
>
> I have /etc/pam.d/imap-test setup to look like
> auth    required  pam_winbind.so
> auth    required  pam_deny.so
> account    required pam_winbind.so
> account    required pam_deny.so
>
> when i try testsaslauthd -u test -p password -s imap-test
> I get
> 0: NO "authentication failed"
>
> if I change imap-test config file to remove pam_winbind and use shadow
> and then retest with a shadow userid/password it works.
>
> I have tried setting debug for pam_winbind but I don't see anything
>
> Thanks
> Alex
>
>

Re: Problem with pam_winbind

by Alex Samad

On Sun, Nov 01, 2009 at 11:02:07PM -0600, Robert LeBlanc wrote:
> Does this bug describe what you are seeing?
> https://bugzilla.samba.org/show_bug.cgi?id=6833

no, I am not using "kerberos method"


--
"I promise you I will listen to what has been said here, even though I wasn't here."

        - George W. Bush
08/13/2002
Waco, TX
Speaking at the President's Economic Forum



Re: Problem with pam_winbind

by Robert LeBlanc

Ok, it was a shot in the dark since there was no smb.conf included.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University


On Mon, Nov 2, 2009 at 12:47 AM, Alex Samad <alex@...> wrote:

> On Sun, Nov 01, 2009 at 11:02:07PM -0600, Robert LeBlanc wrote:
> > Does this bug describe what you are seeing?
> > https://bugzilla.samba.org/show_bug.cgi?id=6833
>
> no, I am not using "kerberos method"

Re: Problem with pam_winbind

by Alex Samad

On Mon, Nov 02, 2009 at 09:14:26AM -0600, Robert LeBlanc wrote:
> Ok, it was a shot in the dark since there was no smb.conf included.

okay, forgot about that, I have attached now, I have bzip2 it


>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
> On Mon, Nov 2, 2009 at 12:47 AM, Alex Samad <alex@...> wrote:
>
> > On Sun, Nov 01, 2009 at 11:02:07PM -0600, Robert LeBlanc wrote:
> > > Does this bug describe what you are seeing?
> > > https://bugzilla.samba.org/show_bug.cgi?id=6833
> >
> > no, I am not using "kerberos method"
[snip]

> >



Re: Problem with pam_winbind

by Michael Wood-8

2009/11/2 Alex Samad <alex@...>:
> On Mon, Nov 02, 2009 at 09:14:26AM -0600, Robert LeBlanc wrote:
>> Ok, it was a shot in the dark since there was no smb.conf included.
>
> okay, forgot about that, I have attached now, I have bzip2 it

Didn't work.  I think the mailing list strips attachments.

--
Michael Wood <esiotrot@...>

Re: Problem with pam_winbind

by Alex Samad

On Mon, Nov 02, 2009 at 10:47:29PM +0200, Michael Wood wrote:
> 2009/11/2 Alex Samad <alex@...>:
> > On Mon, Nov 02, 2009 at 09:14:26AM -0600, Robert LeBlanc wrote:
> >> Ok, it was a shot in the dark since there was no smb.conf included.
> >
> > okay, forgot about that, I have attached now, I have bzip2 it
>
> Didn't work.  I think the mailing list strips attachments.

okay pastebin link instead

http://pastebin.com/m2df91bb5



>

--
No discipline is ever requisite to force attendance upon lectures which are
really worth the attending.
                -- Adam Smith, "The Wealth of Nations"



[bounce] Problem with pam_winbind

by Alex Samad

On Mon, Nov 02, 2009 at 02:01:49PM +1100, Alex Samad wrote:

> Hi
>
> my setup debian amd64 with
> ii  samba                                       2:3.4.2-1
> SMB/CIFS file, print, and login server for Unix
> ii  samba-common                                2:3.4.2-1
> common files used by both the Samba server and
> ii  samba-common-bin                            2:3.4.2-1
> common files used by both the Samba server and
> ii  samba-doc                                   2:3.2.5-4lenny7
> Samba documentation
> ii  samba-tools                                 2:3.4.2-1
> Samba testing utilities
>
> installed.
>
> I have a working connection config, I can
>
> net ads testjoin - result okay
> and wbinfo -u & wbinfo -g work
>
> wbinfo -a test%password
> wbinfo -K test%password
>
> work.
>
> I have /etc/pam.d/imap-test setup to look like
> auth    required  pam_winbind.so
> auth    required  pam_deny.so
> account    required pam_winbind.so
> account    required pam_deny.so
>
> when i try testsaslauthd -u test -p password -s imap-test
> I get
> 0: NO "authentication failed"
>
> if I change imap-test config file to remove pam_winbind and use shadow
> and then retest with a shadow userid/password it works.
>
> I have tried setting debug for pam_winbind but I don't see anything
>
> Thanks
> Alex
>
I was wondering if any one has had any thought on this ?

or maybe how I would go about trying to debug it..





Re: [bounce] Problem with pam_winbind

by Robert LeBlanc

>
>
> I was wondering if any one has had any thought on this ?
>
> or maybe how I would go about trying to debug it..
>

I haven't used any of the ldap stuff that you are using so it's beyond me at
this point. I wish I could help more, I know how it is to be in that
position. Is this just a member workstation/server or is it trying to be a
DC? To me if it is just a member, I can't see why you would need all the
LDAP stuff. Security should also probably be ADS as well. Here is my conf
file for a member:

#======================= Global Settings =======================

[global]
   workgroup = domain
   realm = DOMAIN.LOCAL
   preferred master = no
   server string = %h server
   dns proxy = no

#### Debugging/Accounting ####

   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

   security = ADS
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes

########## Printing ##########

   load printers = no
   printing = bsd
   printcap name = /dev/null
   show add printer wizard = no
   disable spoolss = yes

############ Misc ############

  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  idmap backend = hash
  winbind nss info = hash
  winbind use default domain = yes
  winbind separator = +
  winbind enum groups = no
  winbind enum users = no
  winbind nested groups = yes
  template homedir = /home/%U
  template shell = /bin/bash
  winbind refresh tickets = yes
#  kerberos method = system keytab # waiting for bug to be fixed
  winbind offline logon = yes

#======================= Share Definitions =======================

Hope that can help any little way it can.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

Re: [bounce] Problem with pam_winbind

by Alex Samad

On Thu, Nov 05, 2009 at 08:16:51AM -0600, Robert LeBlanc wrote:

> >
> >
> > I was wondering if any one has had any thought on this ?
> >
> > or maybe how I would go about trying to debug it..
> >
>
> I haven't used any of the ldap stuff that you are using so it's beyond me at
> this point. I wish I could help more, I know how it is to be in that
> position. Is this just a member workstation/server or is it trying to be a
> DC? To me if it is just a member, I can't see why you would need all the
> LDAP stuff. Security should also probably be ADS as well. Here is my conf
not sure what you mean by all that ldap stuff I have, I understand ads
is stored in M$ ldap


[global]
workgroup = AD
server string = %h server
dns proxy = no
interfaces = 192.168.5.10/24
bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
netbios name = bblx01
realm = ad.barbarast.samad.com.au
security = ADS
encrypt passwords = true
password server = *
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/false
winbind use default domain = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 

> file for a member:
>
> #======================= Global Settings =======================
>
> [global]
>    workgroup = domain
>    realm = DOMAIN.LOCAL
>    preferred master = no
>    server string = %h server
>    dns proxy = no
>
> #### Debugging/Accounting ####
>
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>
> ####### Authentication #######
>
>    security = ADS
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    invalid users = root
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>    pam password change = yes
>
> ########## Printing ##########
>
>    load printers = no
>    printing = bsd
>    printcap name = /dev/null
>    show add printer wizard = no
>    disable spoolss = yes
>
> ############ Misc ############
>
>   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   idmap backend = hash
>   winbind nss info = hash
>   winbind use default domain = yes
>   winbind separator = +
>   winbind enum groups = no
>   winbind enum users = no
>   winbind nested groups = yes
>   template homedir = /home/%U
>   template shell = /bin/bash
>   winbind refresh tickets = yes
> #  kerberos method = system keytab # waiting for bug to be fixed
>   winbind offline logon = yes
>
> #======================= Share Definitions =======================
>
> Hope that can help any little way it can.
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
--
"And, most importantly, Alma Powell, secretary of Colin Powell, is with us."

        - George W. Bush
01/30/2003
Washington, DC



Re: [bounce] Problem with pam_winbind

by Robert LeBlanc

On Thu, Nov 5, 2009 at 2:32 PM, Alex Samad <alex@...> wrote:

> > I haven't used any of the ldap stuff that you are using so it's beyond me at
> > this point. I wish I could help more, I know how it is to be in that
> > position. Is this just a member workstation/server or is it trying to be a
> > DC? To me if it is just a member, I can't see why you would need all the
> > LDAP stuff. Security should also probably be ADS as well. Here is my conf
>
> not sure what you mean by all that ldap stuff I have, I understand ads
> is stored in M$ ldap
>
>
Indeed, Active Directory is ldap, but the link on pastebin is much different
than what you posted here. For most of what I need, I don't have to do LDAP
stuff. I just finished writing a script to query AD for a user's e-mail
address and I had to do that over LDAP because winbind doesn't provide it.
It would be nice to have winbind provide things like that (makes note to
self when things slow down, to look at patching that in).


>
> [global]
> workgroup = AD
> server string = %h server
> dns proxy = no
> interfaces = 192.168.5.10/24
> bind interfaces only = yes
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> encrypt passwords = true
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> netbios name = bblx01
> realm = ad.barbarast.samad.com.au
> security = ADS
> encrypt passwords = true
> password server = *
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind use default domain = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>

So, a couple things that I notice that may/may not help. Your realm is
lower case, it needs to be uppercase. You are missing an idmap_backend type
(I'm pretty sure you need this so that winbind knows how to map your users'
SID to UIDs). You can choose from hash, rid or ads. See my example for hash
(you don't need ranges ie. idmap uid = 10000-20000). Rid, you need to
specify the domain (trusted domains may not work, although I think you can
specify different ranges for different domains) and you will need the ranges
that you currently have. Ads, needs to have the Active Directory schema
extended, you don't need the ranges, but the schema will need to be
populated (I think Samba can do that for you, but I don't have experience).
Each one comes with its pros and cons, if your schema is not extended and
you don't have other *NIXs that rely on it, I'd suggest using hash, but it
is only in 3.4.x. Other than that things look ok. Also, if a home directory
is not created for the user, they probably won't be able to log in due to
the template shell = /bin/false.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

Re: [bounce] Problem with pam_winbind

by Alex Samad

On Thu, Nov 05, 2009 at 03:04:38PM -0600, Robert LeBlanc wrote:

> On Thu, Nov 5, 2009 at 2:32 PM, Alex Samad <alex@...> wrote:
>
> > > I haven't used any of the ldap stuff that you are using so it's beyond me at
> > > this point. I wish I could help more, I know how it is to be in that
> > > position. Is this just a member workstation/server or is it trying to be a
> > > DC? To me if it is just a member, I can't see why you would need all the
> > > LDAP stuff. Security should also probably be ADS as well. Here is my conf
> >
> > not sure what you mean by all that ldap stuff I have, I understand ads
> > is stored in M$ ldap
> >
> >
> Indeed, Active Directory is ldap, but the link on pastebin is much different
My apologies I took the samba from my mail machine and not the machine
in question !!! Below is the correct one, the pastebin is the incorrect
one

> than what you posted here. For most of what I need, I don't have to do LDAP
> stuff. I just finished writing a script to query AD for a user's e-mail
> address and I had to do that over LDAP because winbind doesn't provide it.
> It would be nice to have winbind provide things like that (makes note to
> self when things slow down, to look at patching that in).
>
>
> >
> > [global]
> > workgroup = AD
> > server string = %h server
> > dns proxy = no
> > interfaces = 192.168.5.10/24
> > bind interfaces only = yes
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > syslog = 0
> > panic action = /usr/share/samba/panic-action %d
> > encrypt passwords = true
> > passdb backend = tdbsam
> > obey pam restrictions = yes
> > unix password sync = yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > pam password change = yes
> > netbios name = bblx01
> > realm = ad.barbarast.samad.com.au
> > security = ADS
> > encrypt passwords = true
> > password server = *
> > winbind separator = +
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind enum users = yes
> > winbind enum groups = yes
> > template homedir = /home/%D/%U
> > template shell = /bin/false
> > winbind use default domain = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >
> So, a couple things that I notice that may/may not help. Your realm is
> lower case, it needs to be uppercase. You are missing an idmap_backend type
> (I'm pretty sure you need this so that winbind knows how to map your users'
> SID to UIDs). You can choose from hash, rid or ads. See my example for hash
> (you don't need ranges ie. idmap uid = 10000-20000). Rid, you need to
> specify the domain (trusted domains may not work, although I think you can
> specify different ranges for different domains) and you will need the ranges
> that you currently have. Ads, needs to have the Active Directory schema
> extended, you don't need the ranges, but the schema will need to be
> populated (I think Samba can do that for you, but I don't have experience).
> Each one comes with its pros and cons, if your schema is not extended and
> you don't have other *NIXs that rely on it, I'd suggest using hash, but it
> is only in 3.4.x. Other than that things look ok. Also, if a home directory
> is not created for the user, they probably won't be able to log in due to
> the template shell = /bin/false.
Okay some interesting things for me to follow up. I didn't think I need
to extend the schema as all I am using is the auth capabilities to get
to cyrus mail, I don't need home and other pieces of information.

The thing is, this was working before. and when I am on the machine a

wbinfo -a and -K work.

I will have a look

Thanks

>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University

--
"I hear the voices, and I read the front page, and I know the speculation, but I'm the decider and I decide what is best. And what's best is for Don Rumsfeld to remain as secretary of defense."

        - George W. Bush
04/18/2006
Washington, DC

