Problem: I added a CentOS 6.5 server to a Windows SBS 2011 domain and discovered that I got an empty reply when running:
# where jamesmcd is your Windows domain username
getent passwd jamesmcd
If this is the case you will not be able to use your domain account and password to access the Linux Box via ssh or telnet.
Cause: Missing information in /etc/pam.d/system-auth and /etc/samba/smb.conf
Resolution: I think this is the fix… This assumes that you have successfully joined the domain using the
net ads join
command and can get a domain user / group list using
wbinfo -u
wbinfo -g
but are having trouble returning usernames with getent.
smb.conf should look as follows.
Note: “winbind use default domain = Yes” is set so that getent passwd doesn’t return the names in DOMAIN\username format.
workgroup = AXXXXXS
realm = AXXXXXS.LOCAL
server string = Samba Server Version %v
security = ADS
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
template shell = /bin/bash
winbind use default domain = Yes
idmap config * : range = 16777216-33554431
idmap config * : backend = tdb
cups options = raw
Use authconfig-tui to configure winbind authentication. This will modify /etc/pam.d/system-auth with the correct pam_winbind entries; see screenshots below.
After using the above, /etc/nsswitch.conf should have:
passwd: files winbind
shadow: files winbind
group: files winbind
Then restart Samba and winbind:
service smb restart
service winbind restart
Enable “Use Winbind” and “Use Winbind Authentication”
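To confirm that the three files touched above actually carry the winbind settings this post relies on, the following check can be run against them. It is an added example, not part of the original post; the function names are hypothetical, and the file paths are passed as arguments so it can also be run against copies.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the settings
# described above are missing from nsswitch.conf, smb.conf and system-auth.

# nss_has_winbind FILE DB: succeeds if the DB line in FILE lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# smb_param FILE NAME: print the value of NAME, lowercased. Samba ignores
# case and whitespace in parameter names, so both sides are normalised.
smb_param() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ || !index($0, "=") { next }
        { key = tolower($0); sub(/[=].*/, "", key); gsub(/[ \t]/, "", key) }
        key == want { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                      print tolower(v); exit }' "$1"
}

# pam_has_winbind FILE: succeeds if an auth line in FILE loads pam_winbind.so.
pam_has_winbind() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_winbind\.so' "$1"
}

# check_winbind_setup NSSWITCH SMBCONF SYSTEM_AUTH
# Prints one line per missing setting; exit status is the number of problems.
check_winbind_setup() {
    problems=0
    for db in passwd shadow group; do
        nss_has_winbind "$1" "$db" ||
            { echo "nsswitch.conf: $db does not list winbind"; problems=$((problems + 1)); }
    done
    [ "$(smb_param "$2" 'security')" = ads ] ||
        { echo "smb.conf: security is not ADS"; problems=$((problems + 1)); }
    case "$(smb_param "$2" 'winbind use default domain')" in
        yes|true|1) ;;
        *) echo "smb.conf: winbind use default domain is off"; problems=$((problems + 1)) ;;
    esac
    pam_has_winbind "$3" ||
        { echo "system-auth: no auth line for pam_winbind.so"; problems=$((problems + 1)); }
    return "$problems"
}
```

After sourcing the file, call `check_winbind_setup /etc/nsswitch.conf /etc/samba/smb.conf /etc/pam.d/system-auth`; no output and exit status 0 mean all five settings are present.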