[Samba] Solaris, winbind and console login
Walther, Jens-Uwe
Walther at krz.schott.de
Tue Oct 1 15:10:00 GMT 2002
Hi,
I 'm running :
bash-2.03# uname -a
SunOS kdejenssamfs 5.8 Generic_108528-15 sun4u sparc SUNW,Sun-Fire-280R
and Samba 2.2.5 with winbind and PAM module.
I do not need local domain users anymoure as expected. But I have two
remaining problems:
1. "console" logins are no longer possible. I get the follwoing error in
/var/adm/messages:
...
Oct 1 16:41:07 kdejenssamfs pam_winbind[817]: [ID 507189 auth.error]
request failed, PAM error was 13, NT error was NT_STATUS_NO_SUCH_USER
..
2. ftp doesn't work even if telnet works.
My "/etc/pam.conf" is:
#
#ident "@(#)pam.conf 1.16 01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/pam_winbind.so.1 debug
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/pam_winbind.so.1
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so.1
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so.1 debug
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login account sufficient /usr/lib/security/pam_winbind.so.1 debug
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_projects.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
dtlogin account sufficient /usr/lib/security/pam_winbind.so.1
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
other account sufficient /usr/lib/security/pam_winbind.so.1 debug
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_projects.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
try_first_pass
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
smb.conf is:
workgroup = KRZ
netbios name = kdejenssamfs
#netbios aliases = proxy2 djian
server string = Samba %v %h
interfaces = 10.2.39.204/23
bind interfaces only = true
socket address = 10.2.39.204/23
map to guest = Bad user
log level = 1
syslog = 0
log file = /usr/local/samba/var/log.%m
max log size = 10
deadtime = 5
os level = 31
domain master = no
local master = no
wins server = 10.2.39.67
name resolve order = lmhosts wins hosts bcast
# make sure you 've domain account for samba server to NT domain
# and typed "smbpasswd -j DOM -r DOMPDC" before
security = domain
password server = kdejenskrzads1.krz.ads kdejenskrzads2.krz.ads
encrypt passwords = true
username map = /usr/local/samba/private/users.map
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /export/home/%D/%U
template shell = /bin/bash
...
Any help is appreciated.
Best regards
Uwe walther
More information about the samba
mailing list