[Samba] RE: Samba with winbind setup but some glitches
Sheldon, Jason
JSheldon at smithcarter.com
Tue Mar 11 17:05:48 GMT 2003
I typed that question up rather hastily last night before leaving work.

I'll add that I'm running Redhat 8.0, Samba 2.2.7a --with-pam (should have
done --with-winbind, but I didn't know about that with option until after).
Another note: I had just freshly installed Redhat 8.0 with absolutely no
smb/samba options - so I've had to set up pretty much everything by hand -
scripts and all. (Of course, I wasn't bright enough to realize that the
samba source comes with the init.d run scripts until after..!)

1. what I want: To physically log in to the linux box with my NT 4.0 domain
username, and have access to all the domain shares/printers/email as if I
were on a windows machine. I realize the only way to connect to native
exchange server and have contacts/calendar function is to use ximian
evolution with the connector - which you have to pay for... pop3 works okay I
guess.

2. issue 1> I am able to log in, but I'm finding it difficult to browse the
windows shares - as said in the previous message, if I open Konqueror and
type smb://pcnetbiosname I get a prompt to provide login creds, then it
displays the shares, then I click the share I want, then it asks again for
login credentials, then it just sits there thinking...
In your guys' experience what are some of the better "Network Neighborhood"
browsers? / best way to connect to windows shares with the gui? (KDE or GNOME)

issue 2> when I log in from the shell, I get a "id: cannot find name for
group ID 10000". If I log in at the X login it seems to authenticate right,
but then it just brings me right back to the login screen...

issue 3 smbd> there are multiple smbd daemons running... so far not more than
2, maybe 3.. when I restart the daemon /etc/rc.d/init.d/smb restart - it
loads nmbd and smbd just fine, and there is only one of each. I'll look
back a while later and there are a couple smbd's.. is this normal? Does smbd
run an instance for each connection?

issue 4 smbstatus> when I look up smbstatus - it displays that I have a
connection to 10.100.101.1 which is an NT 4.0 PDC on a different subnet
(same subnet mask) - it doesn't display the PDC on my local subnet... strange?
In my smb.conf it's supposed to connect to 10.100.100.1 --

question 5> is this setup supposed to be case sensitive when logging in with
Domain+username and password? My NT passwords (and even one of my logins)
contain both upper and lowercase + numerical characters

3. what I did:
configured samba from /usr/local/src/samba-2.2.7a --with-smbmount --with-pam
(should have added winbind? any others?)
configured smb.conf: (it's in /usr/local/samba/lib/smb.conf)
------------------------------------------------
[global]
name resolve order = wins lmhosts bcast
wins server = 10.100.100.1
wins support = no
domain master = no
local master = no
os level = 0
preferred master = no
workgroup = INFORMANT
server string = PC118
netbios name = PC118
security = domain
# PDC and BDC respectively
password server = SRV01 SRV02
encrypt passwords = yes
smb passwd file = /usr/local/samba/private/smbpasswd
winbind separator = +
winbind gid = 10000-20000
winbind uid = 10000-20000
winbind enum groups = yes
# there are about 85 users on our domain, and only 9 groups
winbind enum users = yes
template shell = /bin/bash
template homedir = /home/%D/%U

# it was just a quick attempt to create a domain accessible share for anyone,
# I can open the share but cannot write to it.
[public]
# /transfer has drwxr-xr-x permissions, owned by root
path = /transfer
guest ok = yes
writeable = yes
---------------------------------
I have the scripts for nmbd/smbd/winbindd in /etc/rc.d/init.d/smb and
/etc/rc.d/init.d/winbindd - with symlinks to rc3, rc5, and rc6 (K)
I did:
touch /var/cache/samba/unexpected.tdb #(though I have no clue what this does)
I joined the domain successfully with
[root@pc118 /] smbpasswd -j INFORMANT -r SRV01 -U Administrator #(password entered when prompted)
joined domain successfully
I edited /etc/nsswitch.conf so that
passwd: files winbind
shadow: files nisplus
group: files winbind
I tested wbinfo -u and -g, it gets users/groups from domain.
/]getent passwd gets a password list from domain (is it supposed to save
them in /etc/passwd or anywhere else or just DISPLAY the domain
users/passwords? It displays them, but doesn't save them anywhere. I
assume that's correct).
created home dir for domain users:
mkdir /home/INFORMANT
chmod 755 /home/INFORMANT
from samba-2.2.7a/source/]# cp nsswitch/pam_winbind.so /lib/security
/]# chmod 755 /lib/security/pam_winbind.so
samba-2.2.7a/source /]# cp nsswitch/libnss_winbind.so /lib
/]# chmod 755 /lib/libnss_winbind.so
/]# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Edited PAM modules /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
-----------
edited /etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
After all that I also did the mksmbpasswd.sh as instructed in the
Encryption.html (I think it was encryption) - is this necessary when running
security = domain with winbind??
[root@pc118 private/]# chmod 500 .; chmod 600 smbpasswd
here are my startup scripts:
/etc/rc.d/init.d/smb
------------------------------------------
#!/bin/sh
#
#chkconfig: - 91 35
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
# Check that smb.conf exists.
[ -f /usr/local/samba/lib/smb.conf ] || exit 0
# (this means "return value"? I'm not a programmer, so I was
# curious about this parameter.)
RETVAL=0
# See how we were called.
case "$1" in
  start)
    # Stop any daemons that are already running before starting new ones.
    killall smbd
    killall nmbd
    echo -n "Starting SMB services: "
    /usr/local/samba/bin/smbd -D
    echo -n "Starting NMB services: "
    /usr/local/samba/bin/nmbd -D
    echo
    ;;
  stop)
    # Stop both daemons (the second killall previously repeated smbd).
    killall smbd
    killall nmbd
    ;;
  restart)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  reload)
    # Ask both daemons to re-read smb.conf.
    kill -HUP "$(cat /usr/local/samba/var/locks/smbd.pid)"
    kill -HUP "$(cat /usr/local/samba/var/locks/nmbd.pid)"
    ;;
  status)
    # (note> statusproc seems to be an unknown command on my system)
    statusproc /usr/local/samba/bin/smbd
    statusproc /usr/local/samba/bin/nmbd
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|status}"
    exit 1
esac
exit $RETVAL
---------------------------------------------------------
Is the winbindd daemon script pertinent?
I basically pieced the smb script together from snippets I found on the web,
I suppose I could copy over the sample script found in the examples file in
the samba source - would this solve my multiple smbd issue?

Thanks again for any insight you can offer me on the above problems!
If anyone finds this step-by-step samba/winbind for NT 4.0 domain useful,
that's great too. Like I said, it's CLOSE to working nicely..
My goal at the moment is to have a windows 98/nt workstation replacement
machine (linux) to access NT shares/printers/exchange server - for doing day
to day work/emails, nothing too fancy. I just want it to function easily
when manually browsing "network neighborhood" and opening shares/printing.
If at all possible that is...

Jason Sheldon
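
A way to audit the PAM and nsswitch.conf files described in the message: list which PAM management groups mention a given module or option, and which name-service databases include winbind. This is an added example, not part of the original post; the function names are hypothetical and the sample files are constructed copies of the configuration quoted above.

```shell
#!/bin/sh
# Added example: audit winbind wiring in PAM and nsswitch files.
# Function names and the temp-file layout are hypothetical.

# pam_groups_with TOKEN FILE -> management groups whose lines mention TOKEN
pam_groups_with() {
    awk -v tok="$1" '
        $1 ~ /^#/ || NF < 3 { next }            # skip comments and short lines
        index($0, tok) { seen[$1] = 1 }
        END {
            n = split("auth account password session", order, " ")
            for (i = 1; i <= n; i++)
                if (order[i] in seen) out = (out == "" ? "" : out " ") order[i]
            print out
        }' "$2"
}

# nss_dbs_with SOURCE FILE -> databases whose lookup order lists SOURCE
nss_dbs_with() {
    awk -v src="$1" '
        $1 ~ /^#/ { next }
        $1 ~ /:$/ {
            for (i = 2; i <= NF; i++)
                if ($i == src) { db = $1; sub(/:$/, "", db); out = (out == "" ? "" : out " ") db }
        }
        END { print out }' "$2"
}

# Constructed sample input: copies of the files quoted in the message.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/system-auth" <<'EOF'
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
EOF
printf 'passwd: files winbind\nshadow: files nisplus\ngroup: files winbind\n' \
    > "$SAMPLE_DIR/nsswitch.conf"

echo "pam_winbind.so in: $(pam_groups_with pam_winbind.so "$SAMPLE_DIR/system-auth")"
echo "nullok in:         $(pam_groups_with nullok "$SAMPLE_DIR/system-auth")"
echo "winbind in NSS:    $(nss_dbs_with winbind "$SAMPLE_DIR/nsswitch.conf")"
```

On the stack as posted, pam_winbind.so appears only under auth, so account and session processing for domain users is left to pam_unix.so. The same function shows nullok, which lets pam_unix.so accept accounts with an empty password, on the auth and password lines.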