[Samba] Winbind trouble. Wbinfo see's users, "getent passwd" doesn't
Colin Davis
ColinD at traininghott.com
Wed Jul 24 10:01:43 GMT 2002
I'm trying to set up a new fileshare, to replace an aging NT4 machine we've
been using for far too long.
I'd like to run Linux (RedHat 7.3) on the machine.
Basically, I'm trying to create a fileshare "files" that people can
transparently log in to from NT4 and Windows 2000 workstations. My boss has
approved the use of Linux for the server, but only if I can make it
transparent to the users.
(which means that they shouldn't need to enter anything special to use it.
just the standard domain username/password)
Our workstations are authenticating off of the domain, which has a Primary
Domain Controller of HOTT-Main. I want to create several shared folders that
any one can write to, for dumping files, but also several directories that
are user-specific.
This means that I need to import the NT4 domain list. I'm using winbind to
try to do this, but having some trouble.
I set up both Samba and Winbind, but I don't think that winbind is working
correctly, and I'm trying to figure out what I missed.
when I do a "wbinfo -u"
I get a list get a list of domain users, but "getent passwd" it just lists
the unix users, and not the NT users.
What adds to my confusion is that the groups (including the domain groups!)
can be listed with "getent group"
Do you have any suggestions on why this might be happening? Could it be
because I'm using shadow passwords?
I'd appreciate any advice you could offer.
(I'm having a hard time figuring out what is wrong, and it's starting to
become tempting to just write a perl script to parse the "wbinfo -u" info,
and put it into the /etc/passwd file, but that seems unnecessarily messy)
My smb.conf looks like the following
[global]
password server = *
wins server = {ip address of wins server}
remote announce = {ip address of wins server}
winbind uid = 10000-20000
security = domain
encrypt passwords = Yes
winbind separator = +
template shell = /bin/bash
server string = Fileshare
workgroup = DOMAINNAME
winbind gid = 10000-20000
winbind enum groups = yes
netbios name = Files
winbind enum users = yes
{shares go here}
/etc/nsswitch.conf contains
passwd: files windbind
shadow: files nisplus
group: files winbind
/etc/pam.d/login looks like
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
finally, /etc/pam.d/samba
#%PAM-1.0
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass shadow nullok
account required pam_winbind.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
More information about the samba
mailing list