Winbind/RH7.1...More Help

Winston Nimchan Winston_Nimchan at trinsys.com
Mon Oct 22 12:24:05 GMT 2001 

I have a Win 2K Mixed Mode domain with 1 NT4 Server and 4 2k Servers
I installed from source/configured with --with-pam etc
I have Win 2k, 9x clients.

If I manually add my domain users to smbpasswd, my 2k clients can
connect to my samba server and use resources but my win 9x clients are
prompting for password and nothing that i enter seems to be valid.

Is winbind supposed to copy my domain users/groups to my samba box? so I
don't have to recreate each user in samba.

Regards

Winston Nimchan

-----Original Message-----
From: Sean Trammell [mailto:strammell at siumed.edu]
Sent: Monday, October 22, 2001 1:35 PM
To: Winston Nimchan
Cc: David Brodbeck; samba at lists.samba.org
Subject: Re: Winbind/RH7.1...More Help


Someone correct me if I am wrong, but I think that this really is a PAM
problem.  There are several things that I can think of offhand, either
samba was not compiled --with-pam or samba is not configured correctly
or the appropriate PAM module is not configured correctly.  We need more
information, are you getting any errors in /var/log/messages?  PAM
problems are logged there on my Redhat 7.1 system.  Also, did you use an
RPM or did you compile samba from source?  If it was source, did you use
--with-pam when configuring?  If that fails you could post the relevant
lines of your smb.conf file (probably most the global section).  What is
the OS of your password server?

-Sean

Winston Nimchan wrote:
> 
> hey:
> 
> got pass that stage. wbinfo & getent returns the values as expected.
> 
> However my Windoze client are prompting for username/password and
> nothing I enter is being accepted. Any ideas?
> 
> Regards
> 
> Winston Nimchan
> 
> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: Monday, October 22, 2001 12:59 PM
> To: Winston Nimchan; Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
> 
> I don't think this is a PAM problem.  'getent' relies on the nsswitch
> mechanism but I don't think it relies on PAM.
> 
> -----Original Message-----
> From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
> Sent: Friday, October 19, 2001 3:08 PM
> To: Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
> 
> Tried all the suggestions and still can't see my domain users/groups
> with getent
> secret is good and message has nothing abnormal bout PAM
> 
> Winston
> 
> -----Original Message-----
> From: Sean Trammell [mailto:strammell at siumed.edu]
> Sent: Friday, October 19, 2001 10:54 AM
> To: Winston Nimchan
> Cc: samba at lists.samba.org
> Subject: Re: Winbind/RH7.1...More Help
> 
> That is most likely a PAM problem, you need to create/modify a file
at:
> /etc/pam.d/samba
> 
> so that authentication will work against your domain (only for the
> samba service, logging into your linux computer is a different
> service).  Be very careful with PAM, you can lock yourself out of your
> machine if it is misconfigured.  For example, my /etc/pam.d/samba file
> looks like this:
> 
> auth            required        /lib/security/pam_securetty.so
> auth            required        /lib/security/pam_nologin.so
> auth            sufficient      /lib/security/pam_winbind.so
> auth            required        /lib/security/pam_pwdb.so
use_first_pass
> shadow nullok
> account         required        /lib/security/pam_winbind.so
> session         required        /lib/security/pam_pwdb.so
> password        required        /lib/security/pam_pwdb.so
> 
> Check to make sure that PAM is configured correctly for samba here,
> and then you can check the error log at /var/log/messages for any
> errors relating to PAM if it still won't work.  Also make sure
> that the pam module pam_winbind.so is in place in /lib/security.
> 
> Login is a separate module (not samba), you would need to modify
> another module config to do that.
> 
> -Sean
> 
> Winston Nimchan wrote:
> >
> > The winbind now works...my getent passwd & groups returns the domain
> > users/groups
> >
> > What should be the next step? my clients (Win2K & Win9x) are still
> > prompting for a password and I cannot login to my linux box using
> > DOMAIN*domainuser.
> >
> > Must I add each domain user as a user on the linux box?
> >
> > Regards
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list