Info on Winbind drastically needed please.

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Mon Jan 7 13:52:03 GMT 2002


Hello Mark,
I could be wrong, but I don't believe that winbindd, etc. has any provision
for CREATING the home directory for the user when he telnets in.  The
'template homedir' parameter simply tells winbind what to pass back to the
getXbyY system calls that the unix login, etc. programs are using to get user
information.  So the home directories must exist.  Otherwise, if you have a
shell/login daemon that will not allow you to make your pwd "/" or the root
directory (which is what in my experience is done on HPUX when the home
directory information, for instance in the /etc/passwd file, is incorrect)
then you would get the behavior you talk about.  Since it is the UNIX login
process that is refusing to allow the login to complete (probably because it
doesn't like the idea of a normal user having '/' as its working directory)
you aren't going to see any messages relating to the failure in any of the
samba logs.

Just my 2 cents worth,
don

-----Original Message-----
From: Mark Cooke [mailto:mark at extension2.freeserve.co.uk]
Sent: Monday, January 07, 2002 3:58 PM
To: Samba-Technical "(E-post)
Subject: Info on Winbind drastically needed please.


Hi All,

First off I'll start by apologising that this may be the incorrect list
to ask some of these questions, but if someone could possibly take a
moment to help me out (as I've tried posting to other samba lists and the
redhat lists), I would be very grateful.

Basically I've been trying for about 2 weeks to try to get my Linux box
to talk to our PDC on an NT server at work and to be honest it's really
starting to get to me.

I'm using samba-2.2.2-8 from RedHat rawhide on RH 7.1.

I've installed it correctly and copied over the correct files and edited
my smb.conf as below:


[global]

# Winbind configuration
    winbind separator = +
    winbind cache time = 10
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind uid = 10000-20000
    winbind gid = 10000-20000

# workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = TUX

# Security mode. Most people will want user level security. See
# security_level.txt for details.
    security = domain

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
    password server = THOR

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
    encrypt passwords = yes
;   smb passwd file = /etc/samba/smbpasswd


Our domain shall we say is called TUX.

In /etc/nsswitch.conf put the following:

passwd:     files winbind
group:      files winbind
	
I've managed to get the linux box to join the domain using:

smbpasswd -j TUX -r THOR -U admin.

So then (to keep things simple), altered /etc/pam.d/login to read
(I am at the console trying to login):

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
#account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_console.so

then I started winbindd and also both samba services.

I can list all the NT Domain users using: getent passwd and getent group

but, when I try to login, it authenticates ok (after checking
/var/log/.messages), but after typing in the password, it brings up the
issue screen, then very quickly an error about not being able to create
the user's directory (but nothing is displayed in the logs at all).
It logs in o.k., and displays the issue msg and then logs me out straight
away.
Also there is nothing related to this in the samba logs either.
/var/log/messages/:

Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted acces
Jan  7 10:08:07 scaramanga pam_winbind[22583]: user 'TUX+admin' granted acces
Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session opened for user TUX+admin by LOGIN(uid=0)
Jan  7 10:08:07 scaramanga  -- TUX+admin[22583]: LOGIN ON tty1 BY TUX+admin
Jan  7 10:08:07 scaramanga login(pam_unix)[22583]: session closed for user TUX+admin

Again I am sorry if this is the wrong list, but I figured that being the
developers list hopefully someone could help me out, as someone would
have a bit more knowledge of how winbind works here.

The way I can see it is that once you logged in then samba should create
the directories for you, ie /home/TUX/admin in this case

rather than manually creating them before the user logs in.

Thanks in Advance

Mark

-- 
 
----
        A penguin a day keeps the fatal exceptions away...
        
                              Registered Linux User: 208939
                             	Licq: 119422259
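
Added example (not part of the original messages and not Samba code): a check for the condition described in the reply above, where NSS hands login a home directory path that is not usable on disk. It goes slightly beyond the thread by also flagging a path that is not a directory or has the wrong owner; the uid range comes from the quoted smb.conf, and the Account, nss_accounts and audit_homes names are made up for this illustration.

```python
#!/usr/bin/env python3
"""Flag winbind-mapped accounts whose NSS home directory is unusable."""
import os
import pwd
import stat
from collections import namedtuple

# "winbind uid = 10000-20000" from the smb.conf quoted in this thread.
WINBIND_UID_RANGE = (10000, 20000)

# Hypothetical record type for this example: name, uid, home as NSS reports them.
Account = namedtuple("Account", "name uid home")


def nss_accounts():
    """Everything 'getent passwd' would list (files plus winbind, via NSS)."""
    return [Account(p.pw_name, p.pw_uid, p.pw_dir) for p in pwd.getpwall()]


def audit_homes(accounts, uid_range=WINBIND_UID_RANGE):
    """Return (name, home, problem) for each winbind uid with a bad home."""
    lo, hi = uid_range
    findings = []
    for acct in accounts:
        if not lo <= acct.uid <= hi:
            continue  # local account, uid not allocated by winbind
        try:
            st = os.stat(acct.home)
        except OSError:
            # Path does not exist, or a parent cannot be traversed.
            findings.append((acct.name, acct.home, "missing or inaccessible"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((acct.name, acct.home, "not a directory"))
        elif st.st_uid != acct.uid:
            findings.append((acct.name, acct.home, "wrong owner"))
    return findings


if __name__ == "__main__":
    for name, home, problem in audit_homes(nss_accounts()):
        print(f"{name}: {home}: {problem}")
```

Run on the box joined to the domain, each reported line is an account whose login will hit the home directory problem rather than an authentication failure.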




