[Samba] Samba 3.0 and Authentication

Robert Davis rdavisunr at sbcglobal.net
Mon Jan 6 19:24:01 GMT 2003

Hello all.

I would like to be able to grant my windows users
access to the Samba Server, physically logging into
the box, ftp, ssh, telnet, etc.  Additionally, when
they are browsing the network I would like the Samba
Server to create them a home directory on the fly when
they browse to the Samba Server.  Here are all the
relevant configuration files.  I am running redhat 8.0
and win2k pdc.


# Global parameters
        workgroup = DOMAIN.COM
        netbios name = SAMBASERVER

        realm = PDC.DOMAIN.COM
        ADS server = pdc ip address
        server string = %L running Samba Server %v
        security = ADS
        password server = pdc name

        passwd program = /usr/bin/passwd %u

        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template shell = /bin/bash
        winbind use default domain = No
        template homedir = /home/%U
        winbind separator = +

        comment = Home Directories
        valid users = %D+%S
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No


contains these lines

passwd:     files winbind nisplus
shadow:     files winbind nisplus
group:      files winbind nisplus


 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 ticket_lifetime = 24000
 default_realm = DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

  kdc = ipaddress
  default_domain = domain.com

 .domain.com = DOMAIN.COM
 domain.com = DOMAIN.COM


profile = /var/kerberos/krb5kdc/kdc.conf

 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false



auth       sufficient   /lib/security/pam_winbind.so

auth       required     pam_nologin.so
auth       required     pam_stack.so

account    sufficient   /lib/security/pam_winbind.so

account    required     pam_stack.so

session    required     pam_mkhomedir.so umask=0022
session    required     pam_stack.so
password   required     pam_stack.so


[2003/01/06 11:05:57, 1] nsswitch/winbindd.c:main(817)
  winbindd version 3.0alpha21 started.
  Copyright The Samba Team 2000-2001
[2003/01/06 11:05:57, 1]
[2003/01/06 11:05:57, 1]
  krb5_cc_get_principal failed (No credentials cache
[2003/01/06 11:05:57, 1]
  scanning trusted domain list

So...I am able to join using net ads join and wbinfo
will return users groups and tells me the secret is
good.  I am just stuck with how to set up
authentication??? Can anyone point me in the right
direction????  Thanks


More information about the samba mailing list