[Samba] WINBIND configuration and NT Authentication

Mikko Rautiainen mrautia6 at welho.com
Sun Nov 17 21:58:01 GMT 2002


I'll try to get the config files I have for you tomorrow, but they wont 
work in suse 7.2
They aply in madrake 9. I got locked out couple times too :)

The most important pam files are samba, system-auth(-winbind), and login.

Mikko


Chris McKeever wrote:

>thanks for the reply..you got it with the pam configuration...would you
>happen to have some working examples??  also, is there a way to restart PAM
>after changes (say to the login and passwd files)
>
>
>Thanks for those links
>
>
>-----Original Message-----
>From: Mikko Rautiainen [mailto:mrautia6 at welho.com]
>Sent: Sunday, November 17, 2002 3:53 AM
>To: Chris McKeever
>Subject: Re: [Samba] WINBIND configuration and NT Authentication
>
>
>Hi,
>
>
>Yes it's possible to authenticate users from win 2000 server with 
>winbind. For me
>the PAM configuration was the hardest part. I used mandrake 9 and it has 
>a realy
>good pre config. And if you want to modify the folder/file permissions 
>from NT/W2k
>PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. 
>Mayby the
>ReiserFS 4 will have the ACL support.
>I have had dificulties with suse and samba. Like my suse8 home server 
>needs a restart
>after 2 days and I don't know the reason why. I just lose the connection 
>to the samba.
>
>So the winbind part was easy to make work in mandrake 9, just need to 
>config smb.conf
>right and thats about it. The PAM is a bit harder (to me at least). PAM 
>is the key for the
>linux end to understand to use the winbind connection. If not correctly 
>cinfigured it can't
>get the authentication from the Win NT/2k PDC.
>
>Here are some links that was helpful for me.
>http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html
>http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html
>http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful)
>
>Hope these help
>
>Mikko Rautiainen
>
>
>Chris McKeever wrote:
>
>>Setup: 
>>	Suse 7.2, Samba 2.2.6
>>	Win 2K PDC
>>
>>Project:
>>I would like to use winbind to authenticate users that do not have local
>>accounts on the linux machine for access to various file and print shares.
>>I have gotten winbind to successfully grab the user and groups from the NT
>>box (verified by getent passwd).  However, I have had little luck obtaining
>>the permission based file share that I would like.
>>
>>Questions:
>>1.  Do users accessing the share need local accounts?
>>	a. if so, is there a way to export users from win2k into linux?
>>2.  Can you use NT groups in the smb.conf file to control access?
>>3.  The documentation on winbind
>>http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound
>>
>as
>
>>if it may be possible to authenticate NT users and grant them login rights
>>(actual session login rights, not samba shares) to the linux machine.  Is
>>this true?  If so is there additional configuration to achieve this
>>
>assuming
>
>>quesiton 1 has been answered and setup properly?
>>4.  Does anyone know of further online winbind documentation?
>>
>>Thanks in advance...
>>
>>Chris McKeever
>>
>>
>>
>>
>
>

-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba mailing list