[Samba] LDAP, Active Directory, Redhat 9 Clients

Patrick liststhor at firerun.net
Mon Nov 24 17:37:31 GMT 2003


su uses /etc/pam.d/su, so if that does not have winbind support then it 
will not accept the user.  An easy way to configure PAM on RedHat is to 
use authconfig.  It has an option for Windows authentication.  When it 
is turned on it will add the winbind lines to /etc/pam.d/system-auth, 
which all PAM files on RedHat point to.  The downside to this is they 
will be able to use anything that requires a password.  So for example, 
if you have remote X logins enabled they would be able to log in to an 
X session.

Patrick

Kenneth Savoy wrote:

>I have configured winbind and pam. I start the samba daemons in the following order: smbd, nmbd, winbindd. wbinfo shows users and groups. So does getent. If I open a terminal window and go su THEDOMAIN+user it asks for a password and won't accept anything. My smb.conf, nsswitch.conf, /etc/pam.d/samba, /etc/pam.d/login are below. Using Windows Server 2003 for AD, I have two servers, two domains, one for each domain. I am only using one domain for now. There is also a separate LDAP server. I've looked through the documentation and have not found anything that has corrected the problem. Does LDAP have to be configured in some way or is there something wrong with my configuration?
>
><<SMB.CONF>>
>[global]
>	winbind separator = +
>	workgroup = <<THEDOMAIN>>
>	netbios name = IBPS12
>	server string = clients12
>	security = DOMAIN
>	password server = <<MY PDC>>
>	idmap uid = 10000-20000
>	idmap gid = 10000-20000
>
>
><<NSSWITCH.CONF>>
>passwd:     files winbind
>shadow:     files
>group:      files winbind
>
>hosts:      files dns
>
>bootparams: nisplus [NOTFOUND=return] files
>
>ethers:     files
>netmasks:   files
>networks:   files
>protocols:  files
>rpc:        files
>services:   files
>
>netgroup:   files
>
>publickey:  nisplus
>
>automount:  files
>aliases:    files nisplus
>
><</etc/pam.d/samba>>
>#%PAM-1.0
>auth       required	pam_nologin.so
>auth       required	pam_stack.so service=system-auth
>account    required	pam_stack.so service=system-auth
>session    required	pam_stack.so service=system-auth
>password   required	pam_stack.so service=system-auth
>
><</etc/pam.d/login>>
>#%PAM-1.0
>auth       required     /lib/security/pam_securetty.so
>auth       sufficient   /lib/security/pam_winbind.so
>auth       sufficient   /lib/security/pam_UNIX.so use_first_pass
>auth       required     /lib/security/pam_stack.so service=system-auth
>auth       required     /lib/security/pam_nologin.so
>account    sufficient   /lib/security/pam_winbind.so
>account    required     /lib/security/pam_stack.so service=system-auth
>password   required     /lib/security/pam_stack.so service=system-auth
>session    required     /lib/security/pam_stack.so service=system-auth
>session    optional     /lib/security/pam_console.so
>
>  
>
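
The reply's two points (su only accepts winbind users if its own stack reaches winbind, and putting winbind into system-auth opens every service that stacks onto it) can be checked with the shell function below. It is an added example, not part of the original thread; the function names, the sample directory and the contents of the sample su file are constructed for illustration.

```shell
#!/bin/sh
# pam_winbind_services DIR: print the PAM service files in DIR whose stack
# reaches pam_winbind.so, either directly or through the Red Hat 9 style
# "pam_stack.so service=NAME" reference. Commented-out lines are ignored.
pam_winbind_services() {
    dir=$1
    # Pass 1: services naming pam_winbind.so on a non-comment line.
    hits=$(grep -lE '^[^#]*pam_winbind\.so' "$dir"/* 2>/dev/null | sed 's|.*/||')
    # Pass 2: repeat until stable, adding services that stack onto a hit.
    changed=1
    while [ "$changed" -eq 1 ]; do
        changed=0
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            name=${f##*/}
            case " $(echo $hits) " in *" $name "*) continue ;; esac
            for ref in $(sed -n \
                's/^[^#]*pam_stack\.so.*service=\([^[:space:]]*\).*/\1/p' "$f"); do
                case " $(echo $hits) " in
                    *" $ref "*) hits="$hits $name"; changed=1; break ;;
                esac
            done
        done
    done
    echo $hits | tr ' ' '\n' | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# make_sample_pamd: build a constructed stand-in for /etc/pam.d in a temp dir.
# login carries its own winbind line (as in the quoted post); su and samba
# only stack onto system-auth, which has winbind commented out.
make_sample_pamd() {
    d=$(mktemp -d)
    printf '#auth sufficient pam_winbind.so\nauth required pam_unix.so\n' \
        > "$d/system-auth"
    printf 'auth required pam_stack.so service=system-auth\n' > "$d/su"
    printf 'auth required pam_stack.so service=system-auth\n' > "$d/samba"
    printf 'auth sufficient pam_winbind.so\n' > "$d/login"
    printf 'auth required pam_stack.so service=system-auth\n' >> "$d/login"
    echo "$d"
}

d=$(make_sample_pamd)
echo "winbind only in login:  $(pam_winbind_services "$d")"
# Simulate winbind being enabled in system-auth (what the reply says
# authconfig does): every service stacked onto it now accepts winbind users.
printf 'auth sufficient pam_winbind.so\n' >> "$d/system-auth"
echo "winbind in system-auth: $(pam_winbind_services "$d")"
rm -rf "$d"
```

Run against the real /etc/pam.d, the output is the list of services to review before and after enabling winbind system-wide.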



