[Samba] Getting Samba3.0.9 to work on Debian(woody) for AD Authentication
Tyler Retzlaff
rtr at omicron-persei-8.net
Fri Jan 21 05:11:46 GMT 2005
On Friday 21 January 2005 08:23, Unix Technician wrote:
> Hi,
>
> I am using samba 3.0.9 on Debian (woody) IA 64 bit server. I have made
> a post on linuxquestions.org which contains my compilation and its
> arguments, krb5.conf, smb.conf, also my kinit and wbinfo -u, g, t, all
> of which work. I also have the official samba guide and samba by
> example. I do not have telnet installed and have tried to configure my
> SSH PAM options. I was wondering if anyone could send me an example
> working SSH PAM module to use as a base for figuring out the
> authentication. I am in Windows server 2003 network running in native
> mode and the username(s) and password(s) that I am trying to sign in
> with only exist in AD. There are only two local accounts on the
> machine, root & one other. I hope you don't think I'm trying to take a
> shortcut and get someone to give me their configuration without working
> for it. Believe me I've been working on this for a while and posting is
> usually my last option and I try to avoid it because as you can see from
> my post on linuxquestions.org it has 400 views and zero responses. I am
> sure that I am close and have tried to eliminate all other options. I
> can give you more recent log files than what is on the post. I just
> wanted to try to use a working SSH PAM config first to see if that is all
> of my problems. Here is the link to the post on linuxquestions.org.
> Thanks again.

I notice you don't mention libnss-winbind? You do have getent {passwd,group}
working right?

I was using the following smb.conf, everything else default values.

[global]
netbios name = MYDEBBOX
workgroup = INTERNAL
# smbd ad membership
realm = INTERNAL.MYDOMAIN.NET
security = ADS
encrypt passwords = yes
password server = MYADPDC.INTERNAL.MYDOMAIN.NET
# winbind
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000

For pam.d/ssh (before pam_unix.so's)

xxx sufficient pam_winbind.so

I should mention though that I was not using the krb5 1.2 as packaged for
woody, it just wouldn't work. You have to use >= 1.3. Though a post I made
on here had a followup saying perhaps samba 3.0.11 would have a
work-around/fix or something. In any case I was working with 3.0.9 as you
are.

Tyler
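
One way to check the two prerequisites raised in the reply above: that winbind is listed for passwd and group in nsswitch.conf (which is what makes getent return AD accounts), and that pam_winbind.so sits before pam_unix.so in pam.d/ssh. This is an added example, not part of the original message; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# nss_has_winbind FILE DB: succeed if DB's line in nsswitch.conf lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# pam_winbind_order FILE: for every module type that uses pam_unix.so, print
# "<type> ok" (pam_winbind.so comes first), "<type> late" or "<type> missing".
pam_winbind_order() {
    awk '
        { sub(/#.*/, "") }
        NF < 3 { next }
        { kind = $1
          for (i = 3; i <= NF; i++) {           # control field may span words
              if ($i ~ /pam_unix\.so$/    && !(kind in ux)) ux[kind] = NR
              if ($i ~ /pam_winbind\.so$/ && !(kind in wb)) wb[kind] = NR
          } }
        END { for (k in ux) {
                  if (!(k in wb))         print k, "missing"
                  else if (wb[k] < ux[k]) print k, "ok"
                  else                    print k, "late"
              } }
    ' "$1" | sort
}

# Constructed sample files, so the checks can be tried without touching /etc.
make_samples() {
    printf '%s\n' 'passwd: compat winbind' 'group:  compat' > "$1/nsswitch.conf"
    printf '%s\n' \
        'auth     sufficient pam_winbind.so' \
        'auth     required   pam_unix.so' \
        'account  required   pam_unix.so' \
        'account  sufficient pam_winbind.so' \
        'session  required   pam_unix.so' > "$1/ssh"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for db in passwd group; do
    nss_has_winbind "$demo_dir/nsswitch.conf" "$db" \
        && echo "nss $db: winbind listed" || echo "nss $db: winbind NOT listed"
done
pam_winbind_order "$demo_dir/ssh"
rm -rf "$demo_dir"
```

On a real host, pass /etc/nsswitch.conf and /etc/pam.d/ssh instead of the sample copies.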