Winbind/RH7.1...More Help
Rafael
rafiros at posgrad.nce.ufrj.br
Fri Oct 19 11:40:05 GMT 2001
They are in /etc/pam.d
----- Original Message -----
From: "Winston Nimchan" <Winston_Nimchan at trinsys.com>
To: "Levi Ruiz" <lruiz at pnicorp.com>; "Samba Mailing List (E-mail)"
<samba at lists.samba.org>
Sent: Friday, October 19, 2001 3:32 PM
Subject: RE: Winbind/RH7.1...More Help
Hi:
Are you using RH 7.1? if yes, where does tho sshd & login files go?
Regards
Winston Nimchan
-----Original Message-----
From: Levi Ruiz [mailto:lruiz at pnicorp.com]
Sent: Friday, October 19, 2001 1:18 PM
To: Samba Mailing List (E-mail)
Subject: RE: Winbind/RH7.1...More Help
Here are my sshd & login pam config files:
sh-2.04$ cat sshd
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow
nullok
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
sh-2.04$ cat login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow
nullok
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
This works for me, also did you mean to use * for your winbindd
seperator?
The recommended is +, so you may want to try that as well just to make
sure
while you are testing.
-----Original Message-----
From: Rafael [mailto:rafiros at posgrad.nce.ufrj.br]
Sent: Friday, October 19, 2001 9:27 AM
To: Sean Trammell
Cc: samba at lists.samba.org
Subject: Re: Winbind/RH7.1...More Help
I'm with the same problem and i only can get access to my samba
server
with i stop the winbind service.
Does anyone know the right configuration of pam so that with winbind
running i can get access to samba and login to the linux box?
Rafael
----- Original Message -----
From: "Sean Trammell" <strammell at siumed.edu>
To: "Winston Nimchan" <Winston_Nimchan at trinsys.com>
Cc: <samba at lists.samba.org>
Sent: Friday, October 19, 2001 11:53 AM
Subject: Re: Winbind/RH7.1...More Help
> That is most likely a PAM problem, you need to create/modify a file
at:
> /etc/pam.d/samba
>
> so that authentication will work against your domain (only for the
> samba service, logging into your linux computer is a different
> service). Be very careful with PAM, you can lock yourself out of your
> machine if it is misconfigured. For example, my /etc/pam.d/samba file
> looks like this:
>
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> auth required /lib/security/pam_pwdb.so
use_first_pass
shadow nullok
> account required /lib/security/pam_winbind.so
> session required /lib/security/pam_pwdb.so
> password required /lib/security/pam_pwdb.so
>
> Check to make sure that PAM is configured correctly for samba here,
> and then you can check the error log at /var/log/messages for any
> errors relating to PAM if it still won't work. Also make sure
> that the pam module pam_winbind.so is in place in /lib/security.
>
> Login is a separate module (not samba), you would need to modify
> another module config to do that.
>
> -Sean
>
> Winston Nimchan wrote:
> >
> > The winbind now works...my getent passwd & groups returns the domain
> > users/groups
> >
> > What should be the next step? my clients (Win2K & Win9x) are still
> > prompting for a password and I cannot login to my linux box using
> > DOMAIN*domainuser.
> >
> > Must I add each domain user as a user on the linux box?
> >
> > Regards
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list