[Samba] PAM rlogin Winbind - Solaris - NT Domain
Sundaram Ramasamy
sun at percipia.com
Wed Dec 11 14:40:01 GMT 2002
Hi,
I am trying to install winbind PAM on my Solaris 8 machine. The Samba server
has been added to the domain as a member
server, and things, like getent passwd and group actually work and showing the
NT domain accounts .
Since its production machine first I want to enable winbind authentication
for rloing module. I made change in my /etc/pam.conf. But I was not able to
login. Same configuration works in Linux machine.
I am attaching my configuration files. please help me
Thanks
SR
$ rlogin techgroup+guest at 192.168.1.131
Password:
Login incorrect
rlogin: connection closed.
bash-2.03# ls /export/home/guest
bash-2.03#
tail -f /var/adm/messages
Dec 10 09:26:03 pnet login[1622]: [ID 468494 auth.crit] login account failure:
No account present for user
bash-2.03# /usr/local/samba/bin/wbinfo -t
Secret is good
***Versions:***
Solaris 8
Samba 2.2.7 compiled --with-pam --with-winbind
more /etc/nsswitch.conf
passwd: files winbind
group: files winbind
***smb.conf***
[global]
# printing = bsd
# printcap name = /etc/printcap
# load printers = yes
guest account = pcguest
workgroup = TECHGROUP
#security = Share
security = DOMAIN
ENCRYPT PASSWORDS = YES
password server = enterprise
hosts allow = localhost, pnet, 192.168.1.140, 192.168.1.
hosts deny = All
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if
# they have telnet access)
template homedir = /export/home/%U
#template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
wins support = no
wins server = 192.168.1.135
name resolve order = hosts lmhosts bcast
; This next option sets a separate log file for each client. Remove
; it if you want a combined log file.
log file = /var/log/log.%m
log level = 2
; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files
lock directory = /usr/local/samba/var/locks
share modes = yes
[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
[printers]
comment = All Printers
browseable = no
printable = yes
public = no
writable = no
create mode = 0700
[share]
path = /export/home/share
comment = Solaris share
guest ok = Yes
read only = No
bash-2.03# more /etc/pam.conf
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so debug
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_p
ass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba
mailing list