[Samba] Problems with Single-Sign-On
Renee Gehlbach
krgehlba at lexairinc.com
Tue Apr 10 13:39:19 GMT 2007
I have a Xandros computer running samba and winbind which has joined an
active directory domain. The samba side seems fine -- I can browse
shares, the net ads join worked fine (after some help from this mailing
list), net ads user lists all users, etc. However, single sign on is
still posing a problem.
When the computer is first booted up, wbinfo -p, wbinfo -t, and wbinfo -a
work fine. wbinfo -u never does, although I can list users with net ads
user. At the X windows login screen, there is a nice pick list with the
domains for all of the schools on the network, the same list that I would
see on a windows machine. Trying to log in to the domain using usernames
and passwords that checked out with wbinfo -a fails. If I then log in
through the X windows login screen to just the local machine, not the
domain, wbinfo -p, wbinfo -t, and wbinfo -a no longer work until the
machine is rebooted. (I have not had any luck with even wbinfo -p after
logging in through an X windows login screen, even if I restart samba and
winbind.) Logging in from a command prompt alone has never caused this
problem, as far as I have seen.
I am putting all of the files that I can think of that you might need here
(minus most of the comments for the sake of brevity). If you need
anything else please let me know.
Thanks,
Renee
/etc/pam.d/common-account:
# NOTE(review): "sufficient" ends the account stack as soon as pam_winbind
# succeeds, so the pam_unix account checks below are not run for users that
# winbind accepts; users winbind does not accept fall through to pam_unix.
account sufficient pam_winbind.so
account required pam_unix.so
/etc/pam.d/common-auth
# NOTE(review): pam_winbind is tried first and, on success, the auth stack
# stops there. If it fails, pam_unix checks the local account using the
# password already typed (use_first_pass) instead of prompting a second time.
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass
/etc/pam.d/common-session
# NOTE(review): pam_mkhomedir creates a missing home directory from /etc/skel
# when a session opens. umask=0022 leaves each new home directory readable by
# every local user; umask=0077 would keep it private to its owner.
session required pam_mkhomedir.so skel=/etc/skel umask=0022
# NOTE(review): "sufficient" means the pam_unix session step below is skipped
# whenever pam_winbind's session step returns success.
session sufficient pam_winbind.so
session required pam_unix.so
/etc/krb5.conf
# NOTE(review): Kerberos realm names are case-sensitive; the realm is written
# in upper case throughout this file and in smb.conf's "realm" setting.
[libdefaults]
default_realm = FAYETTE.KETSDS.NET
# NOTE(review): kdc appears to be the DNS domain name rather than one specific
# domain controller, so the KDC actually contacted depends on how that name
# resolves - confirm it resolves to a domain controller.
[realms]
FAYETTE.KETSDS.NET = {
kdc = FAYETTE.ketsds.net
default_domain = FAYETTE.ketsds.net
}
# Maps the DNS domain, and host names under it, to the Kerberos realm.
[domain_realm]
FAYETTE.ketsds.net = FAYETTE.KETSDS.NET
.FAYETTE.ketsds.net = FAYETTE.KETSDS.NET
# NOTE(review): [login] carries no settings in this excerpt.
[login]
/etc/nsswitch.conf
# NOTE(review): "files winbind" consults the local /etc files first and
# winbind second, so a local account takes precedence over a domain account
# with the same name.
passwd: files winbind
group: files winbind
# NOTE(review): winbind's NSS module serves passwd and group lookups; the
# winbind entry on shadow is probably unused - confirm before relying on it.
shadow: files winbind
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
/etc/samba/smb.conf
#======================= Global Settings =======================
[global]
# Active Directory member configuration: Kerberos realm plus the short domain
# name, with authentication delegated to the domain (security = ads).
realm = FAYETTE.KETSDS.NET
workgroup = FAYETTE
security = ads
# NOTE(review): winbind maps domain users and groups into these ranges; they
# should not overlap IDs used by local accounts, and presumably need to be
# large enough for every domain user and group that gets mapped - confirm.
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
# NOTE(review): domain users are presented without the DOMAIN prefix, so a
# domain account and a local account can share the same name.
winbind use default domain = yes
wins server = 10.84.0.50 10.84.0.52
password server = FAYETTE.ketsds.net
## Browsing/Identification ###
; wins support = no
; wins server = w.x.y.z
dns proxy = no
name resolve order = lmhosts host wins bcast
#### Debugging/Accounting ####
log file = /var/log/samba/log
# max log size is given in kilobytes.
max log size = 1000
; syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
encrypt passwords = true
passdb backend = tdbsam guest
# With this set, Samba applies PAM account and session restrictions; PAM is
# still not used for authentication while encrypt passwords is enabled.
obey pam restrictions = yes
; guest account = nobody
# root is refused access to Samba services.
invalid users = root
# NOTE(review): a login with a user name Samba does not know is mapped to the
# guest account instead of being rejected (a wrong password for a known user
# is still refused). Any share that allows guests is reachable this way.
map to guest = Bad User
; unix password sync = no
# passwd program / passwd chat are used only when unix password sync is
# enabled; it is commented out above.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
# NOTE(review): this turns off SPNEGO negotiation on Samba's client side.
# SPNEGO is the mechanism through which Kerberos is agreed with the server,
# so with security = ads this non-default value deserves a second look.
client use spnego = no
########## Printing ##########
load printers = no
printing = cups
printcap name = cups
######## File sharing ########
dos filetimes = yes
############ Misc ############
socket options = TCP_NODELAY
display charset = iso8859-1
unix charset = iso8859-1
; domain master = auto
--
Renee Gehlbach Lexair, Inc.
krgehlba at lexairinc.com 2025 Mercer Rd
859.255.5001 Lexington, KY 40511