[Samba] Fw: Winbind-bug Redhat 7.2
David Hoang
dhoang at sito.saic.com
Fri Sep 20 20:52:01 GMT 2002
----- Original Message -----
From: David Hoang
To: samba-bugs at samba.org
Sent: Friday, September 20, 2002 4:20 PM
Subject: Winbind-bug
I am using winbind and I notice it's not letting me logon to my unix box
unless i have created a unix-style account with entries in /etc/passwd & shadow.
I thought winbind was suppose to allow me to logon using my active directory (w2k)
box. I please correct me if I'm wrong.
I read the docs and did the following: smbd, nmbd, winbind all running,
> also able to to domain user/group
> info. with "wbinfo". However still can't su, telnet to the linux box with
> my active directory user account.
>
> In /lib
> ------
> /lib/libnss_winbind.so
> /lib/libnss_winbind.so.2
>
> /etc/nsswitch.conf
> ------------------
> passwd: files winbind
> shadow: files
> group: files winbind
>
> Configure PAM with winbind
> ===================
> #make nsswitch/pam_winbind.so * In source tree
> #cp nsswitch/pam_winbind.so /lib/security *chmod 755 pam_winbind.so
>
> -Enable telnet in xinetd.d, xinetd running
>
> -Added /lib/security/pam_winbind.so to /etc/pam.d/login & su
> [root at caribou pam.d]# more su
> #%PAM-1.0
> auth sufficient /lib/security/pam_rootok.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> # Uncomment the following line to implicitly trust users in the "wheel"
> group.
> #auth sufficient /lib/security/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel"
group.
> #auth required /lib/security/pam_wheel.so use_uid
> #auth required /lib/security/pam_smb_auth.so
> #auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_xauth.so
> [root at caribou pam.d]# more login
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> The results:
> [root at caribou pam.d]# su - dhoang
> su: user dhoang does not exist
>
> [root at caribou pam.d]# telnet caribou
> Trying 172.16.2.251...
> Connected to caribou.jvb.jpsd.org (172.16.2.251).
> Escape character is '^]'.
>
> caribou (Linux release 2.4.7-10enterprise #1 SMP Thu Sep 6 16:48:20
EDT
> 2001) (2)
>
> login: dhoang
> Password for dhoang:
> Login incorrect
Please help shed some light:-) Shouldn't winbind allow me to do this?
Or is it just letting me do things like "smbclient" with my active directory
logon/passwd info.
Thanks
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba
mailing list