winbindd and ftp
carl.huang
carl.huang at mic.com.tw
Thu Dec 20 19:08:03 GMT 2001
Hello,
The config file is really not difficult to configure. My machine is Redhat
linux 7.2, samba2.2.2.
See the files below. They contain: /etc/samba/smb.conf, /etc/nsswitch.conf,
/etc/pam.d/login, /etc/pam.d/ftp.
About ftp: it works with PAM, because if I make the directory /home/testftp1
manually, I can ftp in with user naspdc+testftp1. Perhaps ftp doesn't work
with the session item. So if the directory doesn't exist, how can the user
ftp in? Is there a default directory that can be configured in /etc/ftpaccess?
Help!
About my successful process:
1. First make the PDC (a win2000 server) work.
2. Compile samba2.2.2 with --with-winbind (also with other items) and install
it. Config /etc/samba/smb.conf.
3. Join samba to the domain.
4. Add users into the PDC.
5. Config /etc/nsswitch.conf and /etc/pam.d/login.
6. Restart /etc/rc.d/init.d/smb.
7. Start winbindd: winbindd -i -d 3 -s /etc/samba/smb.conf (you can
see how it works).
8. Use "wbinfo" and "getent" to test whether winbindd works.
9. I can telnet to the machine with samba, using naspdc+username or
naspdc\username.
10. I can "smbclient //smbhost/myshare -U naspdc\\username". (naspdc is the
domain name.)
11. I can also access samba from win2000Pro. If I have logged in to the domain,
I don't need a password anymore.
# /etc/samba/smb.conf
[global]
workgroup = naspdc
server string = Samba Server
netbios name = naswb
guest account = ftp
log file = /var/log/samba/log.%m
log level = 3
max log size = 0
security = domain
password server = *
password level = 4
username level = 4
encrypt passwords = yes
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 10.83.0.253
dns proxy = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
[myshare]
comment = test folder
path = /home/share
; valid users = asdf administrator hjf
; public = no
writable = yes
; printable = no
; create mask = 0765
# /etc/nsswitch.conf
passwd: files winbind nisplus
shadow: files winbind nisplus
group: files winbind nisplus
hosts: files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files nisplus
rpc: files
services: files nisplus
netgroup: files nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
#/etc/pam.d/login
#%PAM-1.0(login)
#auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
#auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
#session sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
session required /lib/security/pam_mkhomedir.so
#/etc/pam.d/ftp
#%PAM-1.0(ftp)
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
session sufficient /lib/security/pam_mkhomedir.so
session required /lib/security/pam_stack.so service=system-auth
------------------------------------------------
On Thursday 20 December 2001 08:38, carl.huang at mic.com.tw wrote:
> Hello,
>
> I setup samba2.2.2 with winbind. samba is a member of domain with
> security=domain. Now both work well.
> Since there is no user in /etc/passwd, and user information gets from
> PDC(a win2000 server).
Wow! This is what I want to achieve but can't! As soon as I start winbindd
domain logins are not accepted anymore.
Can you send me your smb.conf?
> The question is: there is no /home/xxx directory too.(I don't want to make
> it manually).
>
> I can configure /etc/pam.d/login with :
> session required /lib/security/pam_mkhomedir.
> so when user(naspdc+xxx ) first login , the machine will automatically
> make /home/xxx directory. So it's no problem.(naspdc is domain name).
>
> But when user(naspdc+testftp1) first ftp to this machine, the machine
> says:
> 530 User naspdc+testftp1: can't change directory to /home/testftp1.
> Login failed. (Because there is no directory /home/testftp1, naspdc is
> domain name).
>
> I also configure /etc/pam.d/ftp with pam_mkhomedir.so but it doesn't work.
Looks like your ftp server program does not use PAM...
How does it accept DOMAIN+user usernames then? I'm not that familiar with
PAM, but could it be that ftp does not use the 'session' line, only 'passwd' in
the PAM conf file? Can you try to verify this?
--
vda
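
Added example, not part of the original posts: a simplified model of the classic PAM control flags (required, requisite, sufficient, optional), run over the /etc/pam.d/ftp lines quoted above. It shows which modules are reached for a winbind-authenticated user, and which are never loaded if a service skips the session phase, which is the hypothesis raised in the reply. The helper names and the outcome map are hypothetical; real libpam handles more return codes than this model.

```python
# Constructed input: the /etc/pam.d/ftp lines quoted in the post, wrapped line rejoined.
FTP_PAM = """\
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
session sufficient /lib/security/pam_mkhomedir.so
session required /lib/security/pam_stack.so service=system-auth
"""

def parse(text):
    """Return {management_type: [(control, module_file)]}; skips comments/blanks."""
    stacks = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mtype, control, path = line.split()[:3]
        stacks.setdefault(mtype, []).append((control, path.rsplit("/", 1)[-1]))
    return stacks

def run_stack(stack, outcomes):
    """Simplified model (hypothetical helper): outcomes maps module -> bool,
    unlisted modules succeed. Returns (granted, modules_invoked)."""
    invoked, required_failed, granted = [], False, False
    for control, name in stack:
        ok = outcomes.get(name, True)
        invoked.append(name)
        if control == "requisite" and not ok:
            return False, invoked            # fail immediately
        if control in ("required", "requisite"):
            granted = granted or ok
            required_failed = required_failed or not ok
        elif control == "sufficient" and ok and not required_failed:
            return True, invoked             # later modules are never called
        # a failed "sufficient" and any "optional" result are ignored here
    return granted and not required_failed, invoked

def unreached(stacks, phases_called):
    """Modules configured under management types the service never invokes."""
    return [m for t, s in stacks.items() if t not in phases_called for _, m in s]

if __name__ == "__main__":
    stacks = parse(FTP_PAM)
    print("domain user auth:", run_stack(stacks["auth"], {}))
    print("local user auth: ", run_stack(stacks["auth"], {"pam_winbind.so": False}))
    print("no session phase:", unreached(stacks, {"auth", "account"}))
```

In this model the auth stack stops at pam_winbind.so for a domain user, so the pam_shells.so line below it is only evaluated for accounts that winbind does not authenticate.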