Winbind/RH7.1...More Help

David Brodbeck DavidB at mail.interclean.com
Mon Oct 22 10:00:10 GMT 2001


I don't think this is a PAM problem.  'getent' relies on the nsswitch
mechanism but I don't think it relies on PAM.

-----Original Message-----
From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
Sent: Friday, October 19, 2001 3:08 PM
To: Sean Trammell
Cc: samba at lists.samba.org
Subject: RE: Winbind/RH7.1...More Help


Tried all the suggestions and still can't see my domain users/groups
with getent
secret is good and message has nothing abnormal bout PAM

Winston

-----Original Message-----
From: Sean Trammell [mailto:strammell at siumed.edu]
Sent: Friday, October 19, 2001 10:54 AM
To: Winston Nimchan
Cc: samba at lists.samba.org
Subject: Re: Winbind/RH7.1...More Help


That is most likely a PAM problem, you need to create/modify a file at:
/etc/pam.d/samba

so that authentication will work against your domain (only for the
samba service, logging into your linux computer is a different
service).  Be very careful with PAM, you can lock yourself out of your
machine if it is misconfigured.  For example, my /etc/pam.d/samba file
looks like this:

auth            required        /lib/security/pam_securetty.so
auth            required        /lib/security/pam_nologin.so
auth            sufficient      /lib/security/pam_winbind.so
auth            required        /lib/security/pam_pwdb.so use_first_pass
shadow nullok
account         required        /lib/security/pam_winbind.so
session         required        /lib/security/pam_pwdb.so
password        required        /lib/security/pam_pwdb.so

Check to make sure that PAM is configured correctly for samba here,
and then you can check the error log at /var/log/messages for any
errors relating to PAM if it still won't work.  Also make sure
that the pam module pam_winbind.so is in place in /lib/security.

Login is a separate module (not samba), you would need to modify
another module config to do that.

-Sean

Winston Nimchan wrote:
> 
> The winbind now works...my getent passwd & groups returns the domain
> users/groups
> 
> What should be the next step? my clients (Win2K & Win9x) are still
> prompting for a password and I cannot login to my linux box using
> DOMAIN*domainuser.
> 
> Must I add each domain user as a user on the linux box?
> 
> Regards

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list