[Samba] Authenticate Linux Session with NT Domain Acct.
Buchan Milne
bgmilne at cae.co.za
Fri Dec 6 15:43:51 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Message: 24
> From: Benjamin Krein <bkrein at pmctechnologies.com>
> To: samba at lists.samba.org
> Organization: PMC Technologies, Inc.
> Date: 05 Dec 2002 11:28:56 -0500
> Subject: [Samba] Authenticate Linux Session with NT Domain Acct.
>
> Despite configuring winbind and my /etc/pam.d/<files>, I am still unable
> to actually log into a Linux session (ie, at the gdm login screen or
> text login prompt) using my NT domain account. Here is my
> /etc/pam.d/login file:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
It would be useful if you included your /etc/pam.d/system-auth file. You
don't have a pam_mkhomedir entry here, so you won't be logged in if
your home directory does not exist.
> NOTE: I can access NT shares using my NT Domain credentials, but that's
> about it. I can also get group/user info. from the NT domain which
> tells me winbind is communicating with my PDC. Thanks for any help.
Some more debugging info would be useful, such as whether:
1)'wbinfo -u' returns domain users
2)'wbinfo -g' returns domain groups
3)'getent passwd' includes domain users
4)'getent group' includes domain groups
BTW, Mandrake 9.0 has an option for winbind authentication during
installation, which mostly works out the box (if you enter your domain
name in caps, otherwise you have to create /home/DOMAIN manually).
The file that we use to replace /etc/pam.d/system-auth (so you don't
have to hack any other pam files for winbind auth) is in the samba
source distribution, under packaging/Mandrake. You can also find some
examples for Redhat 8.0 in the tarball which includes my presentation on
winbind:
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz
Regards,
Buchan
- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE98MX4rJK6UGDSBKcRAr8aAKCy291pYAtGE5yyNynTSqoD/rj94gCgmavs
tIgfy1SIqO0UzvVqmdaeRp8=
=ab//
-----END PGP SIGNATURE-----
More information about the samba
mailing list