[Samba] Authenticating against a Windows 2000 DC?
Chris Palmer
chris.palmer at geneed.com
Sun Jan 5 03:30:00 GMT 2003
> From: Daniel Wittenberg [mailto:daniel-wittenberg at uiowa.edu]
> I don't have a url handy at the moment, but you want to look at using
> winbind, it'll do what you're looking for.
Thanks for the clue. :)
I found documentation for it at http://myserver:901/swat/help/winbindd.8.html. I followed the directions there to the letter, although I only changed /etc/pam.d/samba, none of the others. (Should I change any of the others?)
However, "getent passwd" and "getent group" show only the contents of my /etc/passwd and /etc/group, and not the stuff from my Windows domain. Also, I cannot log into SWAT anymore (!) -- although I can mount Samba shares on my Windows workstation using my Linux username and password (but not my Windows username/password).
So clearly I'm missing some critical step.
winbindd, smbd and nmbd are all running. My /etc/nsswitch.conf is as follows:
===
passwd: files winbind
shadow: files nisplus
group: files winbind
hosts: files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files nisplus
rpc: files
services: files nisplus
netgroup: files nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
===
(I am not using nisplus, btw.)
Here is /etc/pam.d/samba:
===
#%PAM-1.0
account required /lib/security/pam_winbind.so
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
===
And the [global] section of /etc/samba/smb.conf:
===
[global]
security = domain
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
password server = *
workgroup = GENEEDINC
netbios name = DEV
server string = Dev Samba Server
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
guest account =
printing = lprng
===
Does anyone have any idea what I'm missing? Thanks in advance, again.
--
Chris Palmer Systems Programmer GeneEd