Please help with winbind setup

Kevin kevin at mpcf.com
Thu Nov 8 07:55:05 GMT 2001


I'll give that a shot but i have my doubts too.  I got
those numbers for both uid and gid directly from the
docs.

Thanks for the input.

VeKTeReX

"Konkol, Josh" wrote:
> 
> Not positive, but I think your UID and GID ranges should not intersect like
> that.
> Try
> winbind gid = 20001-30000
> 
> Josh
> 
>  .~.
>  /V\
> /( )\
> ^^-^^
> 
> -----Original Message-----
> From: Kevin [mailto:kevin at mpcf.com]
> Sent: Thursday, November 08, 2001 9:39 AM
> To: samba at lists.samba.org
> Subject: Please help with winbind setup
> 
> I have been (unsuccessfully) trying to get this up and
> running for the past few days.  I have successfully
> setup samba itself NUMEROUS times but this winbind
> stuff has me stumped.
> 
> I have built a fresh box for this server using Turbo
> Linux server 6.5 and samba 2.2.2.  I have followed all
> the docs and man pages that i could find.
> 
> 1. I have samba compiled (using --with-winbind
> --with-pam) and running.
> 2. The samba box has been successfully added to my NT
> domain.
> 3. Winbind appears to be communicating to some extent
> with my PDC because i can get a list of users with
> "wbinfo -u".
> 
> The samba server shows up in the browse list on the
> Windows clients but when you click on the machine it is
> still prompting users for a name and password (none of
> which work).
> 
> my smb.conf file has the following related entries:
> 
> #winbind stuff
> winbind separator = +
> winbind cache = 10
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template shell = /bin/false
> template homedir = /home/$D/$U
> 
> security = domain
> password server = *
> encrypt passwords = yes
> 
> [tmp]
>         comment = Temporary file space
>         path = /tmp
>         read only = no
>         public = yes
> 
> [share]
>         comment = none
>         path = /shares/test
>         valid users = TESTDOM+larry,TESTDOM+administrator
>         public = yes
>         writable = yes
> 
> I created a file called "samba" in the /etc/pam.d/ dir
> which contains the following lines:
> 
> auth    required        /lib/security/pam_securetty
> auth    required        /lib/security/pam_nologin.so
> auth    sufficient      /lib/security/pam_winbind.so
> auth    required        /lib/security/pam_pwdb.so use_first_pass
> shadow nullok
> account required        /lib/security/pam_winbind.so
> 
> I am ONLY concerned with users being able to access the
> samba shares.  I don't want them to be able to login or
> ftp to the samba box.  If anyone here can help me out
> with this one i would really appreciate it.  If any
> more info is required, please don't hesitate to ask.
> 
> Thanks,
> VeKTeReX
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list