[Samba] Winbind, Pam, And Active Directory
Kenneth Savoy
kensavoy at nbnet.nb.ca
Wed Nov 19 00:56:53 GMT 2003
My smb.conf, nsswitch.conf, /etc/pam.d/samba and login are below. PAM
and winbind are configured. Are my configs correct? I have about 40
workstations using Red Hat 9. I'm using Samba 3.0.0 and I am trying to use a
Windows 2003 Active Directory server for authentication. Using LDAP for
auth.
I can see the users and groups, and if I log in with the local account root,
open a terminal window and say su <domain+user>, it will bring me to a new
shell. Because I am root it won't ask me for a password. If I log in with
another local machine account and say su <domain+user>, it will prompt for a
password and won't accept anything I give it. When Red Hat 9 boots I try to
log in with <domain+user> and it won't accept anything other than the local
machine accounts.
I issue this command net rpc join -S <MYPDCDOMAINNAME> -U <MYADMINACCT>
I get joined the domain <MYDOMAIN>
winbindd does start
I issue wbinfo -u and it shows all the users on the domain.
I issue wbinfo -g and it shows all the groups on the domain
I issue getent passwd and it shows all the users in UNIX format
I start smb daemons in this order
smbd
nmbd
winbindd
<<SMB.CONF>>
[global]
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
workgroup = <mydomain>
security = domain
password server = <MY PRIMARY DOMAIN CONTROLLER SERVER> **There is an LDAP
server but if I put that here I can't list users**
<<NSSWITCH.CONF>>
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
<</etc/pam.d/samba>>
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
<</etc/pam.d/login>>
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_UNIX.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
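
How Linux-PAM walks the auth lines of the /etc/pam.d/login stack posted above, as an added example that is not part of the original post. It models the required, requisite, sufficient and optional control flags in simplified form, and the per-module results fed to it are constructed inputs, not observations from the poster's machines.

```python
# Added example (not from the post); stack lines copied verbatim from the posted file.
LOGIN_PAM = """\
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_UNIX.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
"""

def parse(text, mtype):
    """Return [(control, module_name)] for one module type, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            name = fields[2].rsplit("/", 1)[-1]
            stack.append((fields[1], name[:-3] if name.endswith(".so") else name))
    return stack

def evaluate(stack, results):
    """results: module name -> True/False. Returns (granted, deciding module or None)."""
    failed, any_ok = None, False
    for control, name in stack:
        ok = results.get(name, False)      # no result supplied counts as failure
        if control == "sufficient":
            if ok and failed is None:
                return True, name          # success here ends the stack early
            continue                       # a failing 'sufficient' is ignored
        if control == "optional":
            continue                       # simplification: never decides
        if ok:
            any_ok = True
        elif control == "requisite":
            return False, failed or name   # failure here ends the stack at once
        elif failed is None:
            failed = name                  # 'required': remember, keep going
    return (failed is None and any_ok), failed

if __name__ == "__main__":
    auth = parse(LOGIN_PAM, "auth")
    cases = {  # constructed scenarios, not observations from the poster's hosts
        "winbind accepts": {"pam_securetty": True, "pam_winbind": True},
        "winbind rejects": {"pam_securetty": True, "pam_nologin": True},
        "local account": {"pam_securetty": True, "pam_stack": True, "pam_nologin": True},
    }
    for label, results in cases.items():
        print(f"{label:16} -> {evaluate(auth, results)}")
```

In this model a domain login is granted only when pam_winbind itself returns success; every later line in the auth stack depends on what the local system-auth service, which is not shown in the post, does with the account.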