Winbind/RH7.1...More Help

Sean Trammell strammell at siumed.edu
Mon Oct 22 10:33:03 GMT 2001 

Someone correct me if I am wrong, but I think that this really is a PAM
problem.  There are several things that I can think of offhand, either
samba was not compiled --with-pam or samba is not configured correctly
or the appropriate PAM module is not configured correctly.  We need more
information, are you getting any errors in /var/log/messages?  PAM
problems are logged there on my Redhat 7.1 system.  Also, did you use an
RPM or did you compile samba from source?  If it was source, did you use
--with-pam when configuring?  If that fails you could post the relevant
lines of your smb.conf file (probably most the global section).  What is
the OS of your password server?

-Sean

Winston Nimchan wrote:
> 
> hey:
> 
> got pass that stage. wbinfo & getent returns the values as expected.
> 
> However my Windoze client are prompting for username/password and
> nothing I enter is being accepted. Any ideas?
> 
> Regards
> 
> Winston Nimchan
> 
> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: Monday, October 22, 2001 12:59 PM
> To: Winston Nimchan; Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
> 
> I don't think this is a PAM problem.  'getent' relies on the nsswitch
> mechanism but I don't think it relies on PAM.
> 
> -----Original Message-----
> From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
> Sent: Friday, October 19, 2001 3:08 PM
> To: Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
> 
> Tried all the suggestions and still can't see my domain users/groups
> with getent
> secret is good and message has nothing abnormal bout PAM
> 
> Winston
> 
> -----Original Message-----
> From: Sean Trammell [mailto:strammell at siumed.edu]
> Sent: Friday, October 19, 2001 10:54 AM
> To: Winston Nimchan
> Cc: samba at lists.samba.org
> Subject: Re: Winbind/RH7.1...More Help
> 
> That is most likely a PAM problem, you need to create/modify a file at:
> /etc/pam.d/samba
> 
> so that authentication will work against your domain (only for the
> samba service, logging into your linux computer is a different
> service).  Be very careful with PAM, you can lock yourself out of your
> machine if it is misconfigured.  For example, my /etc/pam.d/samba file
> looks like this:
> 
> auth            required        /lib/security/pam_securetty.so
> auth            required        /lib/security/pam_nologin.so
> auth            sufficient      /lib/security/pam_winbind.so
> auth            required        /lib/security/pam_pwdb.so use_first_pass
> shadow nullok
> account         required        /lib/security/pam_winbind.so
> session         required        /lib/security/pam_pwdb.so
> password        required        /lib/security/pam_pwdb.so
> 
> Check to make sure that PAM is configured correctly for samba here,
> and then you can check the error log at /var/log/messages for any
> errors relating to PAM if it still won't work.  Also make sure
> that the pam module pam_winbind.so is in place in /lib/security.
> 
> Login is a separate module (not samba), you would need to modify
> another module config to do that.
> 
> -Sean
> 
> Winston Nimchan wrote:
> >
> > The winbind now works...my getent passwd & groups returns the domain
> > users/groups
> >
> > What should be the next step? my clients (Win2K & Win9x) are still
> > prompting for a password and I cannot login to my linux box using
> > DOMAIN*domainuser.
> >
> > Must I add each domain user as a user on the linux box?
> >
> > Regards
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list