Winbind/RH7.1...More Help
David Brodbeck
DavidB at mail.interclean.com
Mon Oct 22 10:00:10 GMT 2001
I don't think this is a PAM problem. 'getent' relies on the nsswitch
mechanism but I don't think it relies on PAM.
-----Original Message-----
From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
Sent: Friday, October 19, 2001 3:08 PM
To: Sean Trammell
Cc: samba at lists.samba.org
Subject: RE: Winbind/RH7.1...More Help
Tried all the suggestions and still can't see my domain users/groups
with getent
secret is good and message has nothing abnormal bout PAM
Winston
-----Original Message-----
From: Sean Trammell [mailto:strammell at siumed.edu]
Sent: Friday, October 19, 2001 10:54 AM
To: Winston Nimchan
Cc: samba at lists.samba.org
Subject: Re: Winbind/RH7.1...More Help
That is most likely a PAM problem, you need to create/modify a file at:
/etc/pam.d/samba
so that authentication will work against your domain (only for the
samba service, logging into your linux computer is a different
service). Be very careful with PAM, you can lock yourself out of your
machine if it is misconfigured. For example, my /etc/pam.d/samba file
looks like this:
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass
shadow nullok
account required /lib/security/pam_winbind.so
session required /lib/security/pam_pwdb.so
password required /lib/security/pam_pwdb.so
Check to make sure that PAM is configured correctly for samba here,
and then you can check the error log at /var/log/messages for any
errors relating to PAM if it still won't work. Also make sure
that the pam module pam_winbind.so is in place in /lib/security.
Login is a separate module (not samba), you would need to modify
another module config to do that.
-Sean
Winston Nimchan wrote:
>
> The winbind now works...my getent passwd & groups returns the domain
> users/groups
>
> What should be the next step? my clients (Win2K & Win9x) are still
> prompting for a password and I cannot login to my linux box using
> DOMAIN*domainuser.
>
> Must I add each domain user as a user on the linux box?
>
> Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list