FW: [Samba] Re: domain groups accessing samba share

VR-Bug Support bugtraq at victoriareal.com
Wed Oct 15 12:44:39 GMT 2003



-----Original Message-----
From: VR-Bug Support 
Sent: 15 October 2003 13:42
To: 'Gavin Davenport'
Subject: RE: [Samba] Re: domain groups accessing samba share


Hi Gavin,

This is what I have for my /etc/pam.d/login:

#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so nodelay use_first_pass
auth       sufficient   /lib/security/pam_krb5.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    sufficient   /lib/security/pam_krb5.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

And when I issue getent group or getent passwd it lists both local and ADS users.

Regards,

Luke


-----Original Message-----
From: Gavin Davenport [mailto:gavdav at gavdav.demon.co.uk]
Sent: 15 October 2003 09:05
To: samba at lists.samba.org
Cc: Tim Jordan, Network Services
Subject: RE: [Samba] Re: domain groups accessing samba share


Hiya Tim, Thanks for helping.


Can you post your
smb.conf 
/etc/pam.d/login
wbinfo -g
wbinfo -u
getent passwd
getent group

Here we go:
# Global parameters
[global]
        workgroup = MYDOMAIN
        realm = MYNETWORK.ISP.CO.UK
        server string = Linux Samba Server
        security = ADS
        password server = bashful
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 100
        smb ports = 445
        announce as = NT Workstation
        name resolve order = host bcast
        wins server = 10.0.0.104
        client signing = Yes
        server signing = Yes
        client use spnego = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        os level = 10
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
#       winbind separator = +
        winbind cache time = 2
#       winbind use default domain = Yes
        comment = Redhat 7.1 Samba
        hosts allow = 127., 10.0.0.

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[Software]
        comment = Software Library
        path = /mnt/largeprimary/software
#       valid users = @MYNETWORK.ISP.CO.UK\"Domain Users"
#       Admin users = @MYNETWORK.ISP.CO.UK\gavdav

[root@potato /root]# more /etc/pam.d/login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

wbinfo -u
[root@potato /root]# wbinfo -u
MYDOMAIN\gavdav
MYDOMAIN\Guest
MYDOMAIN\Administrator
MYDOMAIN\krbtgt
MYDOMAIN\SUPPORT_388945a0
MYDOMAIN\fbloggs
<snip>

wbinfo -g
[root@potato /root]# wbinfo -g
MYDOMAIN\Domain Computers
MYDOMAIN\Cert Publishers
MYDOMAIN\Domain Users
MYDOMAIN\Domain Guests
MYDOMAIN\RAS and IAS Servers
MYDOMAIN\Group Policy Creator Owners
MYDOMAIN\Schema Admins
MYDOMAIN\Enterprise Admins
MYDOMAIN\Domain Admins
MYDOMAIN\Domain Controllers
<snip>

[root@potato /root]# getent passwd
root:x:0:0:root:/root:/bin/bash
<snip>
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash
named:x:200:200:Nameserver:/var/named:/bin/false
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

[root@potato /root]# getent group
root:x:0:root
<snip>
nobody:x:99:
users:x:100:gavdav
<snip>
xfs:x:43:
gdm:x:42:
gavdav:x:500:
vcsa:x:69:

getent and setent are listing local users and groups.

What do I need to change in /etc/pam.d/login to fix it?
Where should I be looking for help?

Thanks very much

Gavin Davenport
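
Added example, not part of either message: getent reads the NSS databases configured in /etc/nsswitch.conf, which is separate from the PAM stack in /etc/pam.d/login, so a useful check is whether any winbind-mapped account is visible through NSS at all. The script runs that check over the listings posted above; the nsswitch.conf fragment and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: is NSS returning winbind accounts, or only local ones?

# Copied from the listings posted in the thread (shortened).
WBINFO_USERS='MYDOMAIN\gavdav
MYDOMAIN\Guest
MYDOMAIN\Administrator
MYDOMAIN\krbtgt
MYDOMAIN\fbloggs'
GETENT_PASSWD='root:x:0:0:root:/root:/bin/bash
gdm:x:42:42::/home/gdm:/bin/bash
gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin'
# Constructed sample: the thread does not show /etc/nsswitch.conf.
NSSWITCH_SAMPLE='passwd:     files
group:      files
hosts:      files dns'

# Count passwd entries whose UID lies in the idmap range (smb.conf above has
# idmap uid = 10000-20000). Zero means no winbind-mapped account is visible.
count_idmap_entries() {   # $1 = getent passwd output, $2 = low, $3 = high
    printf '%s\n' "$1" | awk -F: -v lo="$2" -v hi="$3" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= lo && $3 + 0 <= hi { n++ } END { print n + 0 }'
}

# Print wbinfo -u names with no exact match in the passwd name field. With
# "winbind use default domain" commented out, a domain account is named
# DOMAIN\user, so local "gavdav" (UID 500) is not MYDOMAIN\gavdav.
unresolved_domain_users() {   # $1 = wbinfo -u output, $2 = getent passwd output
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | cut -d: -f1 | grep -Fxq -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Succeed if NSS database $1 lists "winbind" as a source in nsswitch text $2.
nss_uses_winbind() {
    printf '%s\n' "$2" | awk -v db="$1:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

echo "passwd entries in idmap range: $(count_idmap_entries "$GETENT_PASSWD" 10000 20000)"
echo "domain users not resolvable through NSS:"
unresolved_domain_users "$WBINFO_USERS" "$GETENT_PASSWD" | sed 's/^/  /'
nss_uses_winbind passwd "$NSSWITCH_SAMPLE" ||
    echo "passwd: winbind is not listed as an NSS source"
```

On a live host the same functions take "$(wbinfo -u)", "$(getent passwd)" and "$(cat /etc/nsswitch.conf)" as their arguments.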