Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working

Rafael rafiros at posgrad.nce.ufrj.br
Wed Oct 31 11:33:09 GMT 2001


Joe,

        Thanks for taking the time to help me, but unfortunately it didn't work.
        If anyone has any idea, please..........

Rafael

----- Original Message -----
From: "Kroboth, Joe" <joe_kroboth at chernay.com>
To: "'Rafael'" <rafiros at posgrad.nce.ufrj.br>
Sent: Monday, October 29, 2001 4:30 PM
Subject: RE: Re: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working


>
> Hello Rafael,
>
> Here is an email that helped me to get it to work:
>
>
>
>
> ------------------------------------------------
> Hi Joe,
>
> I believe that RH 7.1 uses the centralized /etc/pam.d/system-auth
> file. You can set your /etc/pam.d/samba file to mimic /etc/pam.d/login
> or the like.
>
> Here's my /etc/pam.d/samba
> auth       required /lib/security/pam_nologin.so
> auth       required /lib/security/pam_stack.so service=system-auth
> account    required /lib/security/pam_stack.so service=system-auth
> session    required /lib/security/pam_stack.so service=system-auth
>
> The pam_stack.so module invokes the specified service (system-auth in
> this case which means that you must have a /etc/pam.d/system-auth file).
>
> Here's my /etc/pam.d/system-auth:
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/pam_env.so
> auth     sufficient   /lib/security/pam_winbind.so debug
> auth        sufficient    /lib/security/pam_unix.so use_first_pass likeauth nullok
> auth        required      /lib/security/pam_deny.so
>
> account     required   /lib/security/pam_winbind.so
> #account     required      /lib/security/pam_unix.so
>
> password    required      /lib/security/pam_cracklib.so retry=3
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow nis
> password    required      /lib/security/pam_deny.so
>
> session     required      /lib/security/pam_limits.so
> session     required      /lib/security/pam_unix.so
>
> Note the pam_winbind entries and the auth pam_unix entry with the
> "use_first_pass" argument. You could probably replace the pam_unix stuff
> with pam_pwdb if you prefer that. Anyway, this configuration works for me
> using swat and, in particular, correctly authenticates local/nis users vs.
> domain users.
>
> Hope this helps.
> Scott
> ------------------------------------------------------------
>
>
> Let me know how it goes.
>
> Best,
>
> Joe
>
>
> -----Original Message-----
> From: Rafael [mailto:rafiros at posgrad.nce.ufrj.br]
> Sent: Monday, October 29, 2001 2:17 PM
> To: samba at lists.samba.org
> Subject: Re: Re: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> Tony,
>
>         Everything described here I already did and it works fine; the
> problem is that I can't log in to the Linux box (with the NT account) and
> access it from an NT machine (but I can if winbind is off).
>
> Rafael
>
>
>
> ----- Original Message -----
> From: "Rafael" <rdilego at connection.com.br>
> To: <beaver at dcc.ufrj.br>
> Sent: Monday, October 29, 2001 5:33 AM
> Subject: Fwd: Re: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
>
>
> > ==================BEGIN FORWARDED MESSAGE==================
> > >Date: Fri, 26 Oct 2001 09:14:14 +0800 (WST)
> > >From: "Anthony J. Breeds-Taurima" <tony at cantech.net.au>
> > >To: Rafael <rafiros at posgrad.nce.ufrj.br>
> > >cc: <samba at lists.samba.org>
> > >Subject: Re: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
> > >
> >
> > On Thu, 25 Oct 2001, Rafael wrote:
> >
> > > Hi, again,
> > >
> > >             My problem is that I can see the domain users with getent
> > > and wbinfo, but the login is not granted and the message in
> > > /var/log/messages is "User not known to the underlying authentication
> > > module".
> > >             I don't know, but I don't believe it's a PAM problem. Does
> > > anyone know or have a hint???
> >
> > Make sure:
> >
> > a) you have joined the domain correctly.
> > wbinfo -t  should help there
> > b) you have something like:
> >    winbind cache time = 10
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >    template shell = /bin/bash
> >    template homedir = /home/%D/%U
> >    winbind uid = 10000-20000
> >    winbind gid = 10000-20000
> >   in smb.conf
> > c) you have the appropriate domain setting in smb.conf
> > d) your winbindd is running
> > e) you have something like:
> >     passwd:     files winbind
> >     group:      files winbind
> >    in /etc/nsswitch.conf
> > f) /lib/libnss_winbind.so exists
> > g) /lib/libnss_winbind.so.2 is a symlink to /lib/libnss_winbind.so
> >
> > Assuming all that is correct you definitely should be able to see
> > domain users with:  wbinfo -u
> > domain groups with:  wbinfo -g
> >
> > you should be able to "finger DOMAIN\\User" and get info.
> >
> > If you are still having problems then start a new thread and detail
> > exactly what is and isn't working.
> >
> > Yours Tony.
> >
> > /*
> >  * "The significant problems we face cannot be solved at the
> >  * same level of thinking we were at when we created them."
> >  * --Albert Einstein
> >  */
> >
> >
> > ===================END FORWARDED MESSAGE===================
> >
> >
> >
> >
> >
> >
> >
>
>
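
How the control flags in the system-auth `auth` stack quoted above decide a login, as an added example that is not part of the original thread: a small Python model of the `required`/`requisite`/`sufficient` semantics run over that stack. The `login` helper and the per-module results are constructed for illustration; real outcomes depend on winbindd, NSS and the local password files.

```python
# Added example: models only Linux-PAM's keyword control flags, not the
# bracketed [value=action] form and not pam_stack.so nesting.
AUTH_STACK = """\
#%PAM-1.0
auth  required    /lib/security/pam_env.so
auth  sufficient  /lib/security/pam_winbind.so debug
auth  sufficient  /lib/security/pam_unix.so use_first_pass likeauth nullok
auth  required    /lib/security/pam_deny.so
account  required  /lib/security/pam_winbind.so
"""

def parse_stack(text, group="auth"):
    """Return [(control, module)] for one management group, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError("malformed PAM line: %r" % raw)
        if fields[0] == group:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results: module name -> True if it would return PAM_SUCCESS.
    Modules missing from results count as failures (assumption).
    Returns (granted, name of the module that decided the outcome)."""
    first_failure = None      # first failed required/requisite module
    last_ok = None            # last required/requisite module that succeeded
    for control, module in stack:
        ok = results.get(module, False)
        if control in ("required", "requisite"):
            if ok:
                last_ok = module
            elif first_failure is None:
                first_failure = module
            if control == "requisite" and not ok:
                break                       # requisite failure stops the stack
        elif control == "sufficient" and ok and first_failure is None:
            return True, module             # success short-circuits the stack
        # a failed "sufficient" and any "optional" result are ignored here
    if first_failure is not None:
        return False, first_failure
    return last_ok is not None, last_ok

def login(winbind_ok, unix_ok, env_ok=True):
    """Hypothetical helper: run the auth stack on constructed module results."""
    results = {"pam_env.so": env_ok, "pam_winbind.so": winbind_ok,
               "pam_unix.so": unix_ok, "pam_deny.so": False}
    return evaluate(parse_stack(AUTH_STACK), results)
```

A domain user is accepted at `pam_winbind.so` and never reaches `pam_unix.so`; a user that neither module accepts falls through to `pam_deny.so`, which is what makes the two `sufficient` lines safe.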




