[Samba] pam_winbind

Roberto Mason roberto at rmasonfamily.info
Mon Dec 29 17:55:09 GMT 2003 

I have an environment at home with the following:

1. Samba PDC 2.27A
2. Windows XP Pro, login in to the domain
3. Fedora Core 1 Workstation (with machine account on the domain)

On the Fedora Workstation, smb.conf is fairly simple

[global]
	workgroup = MEPHISTOPHELES
	server string = Samba Server
	security = DOMAIN
	auth methods = winbind
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	dns proxy = No
	wins server = 192.168.1.10
	ldap ssl = no
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/sh

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

Winbind is running, with I do a getent passwd, among the standard passwd
file entries, I get the following:

MEPHISTOPHELES\roberto:x:10000:10000::/home/MEPHISTOPHELES/roberto:/bin/sh
MEPHISTOPHELES\joann:x:10001:10000::/home/MEPHISTOPHELES/joann:/bin/sh
MEPHISTOPHELES\root:x:10002:10000::/home/MEPHISTOPHELES/root:/bin/sh

I'm not knowedgeable when it comes to PAM configuration, but I configure two
files according to the documentation I read.

login file
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       sufficient   /lib/security/pam_winbind.so use_first_pass
account    required     /lib/security/pam_winbind.so
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_mkhomedir.so umask=0022
session    optional     /lib/security/pam_console/so

and

gdm file
#%PAM-1.0
auth       required       /lib/security/pam_stack.so service=system-auth
auth       sufficient     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022

I still can't log in from my work station, using for example the <roberto>
login from the domain. Is anyone able to see where I may have gone wrong.

Thank You
Roberto

More information about the samba mailing list