FW: [Samba] Re: domain groups accessing samba share
VR-Bug Support
bugtraq at victoriareal.com
Wed Oct 15 12:44:39 GMT 2003
-----Original Message-----
From: VR-Bug Support
Sent: 15 October 2003 13:42
To: 'Gavin Davenport'
Subject: RE: [Samba] Re: domain groups accessing samba share
Hi Gavin,
This is what I have for my /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so nodelay use_first_pass
auth sufficient /lib/security/pam_krb5.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_krb5.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
And when I issue getent group or getent passwd it lists both local and ADS users.
Regards,
Luke
-----Original Message-----
From: Gavin Davenport [mailto:gavdav at gavdav.demon.co.uk]
Sent: 15 October 2003 09:05
To: samba at lists.samba.org
Cc: Tim Jordan, Network Services
Subject: RE: [Samba] Re: domain groups accessing samba share
Hiya Tim, Thanks for helping.
Can you post your
smb.conf
/etc/pam.d/login
wbinfo -g
wbinfo -u
getent passwd
getent group
Here we go:
# Global parameters
[global]
workgroup = MYDOMAIN
realm = MYNETWORK.ISP.CO.UK
server string = Linux Samba Server
security = ADS
password server = bashful
log level = 3
log file = /var/log/samba/log.%m
max log size = 100
smb ports = 445
announce as = NT Workstation
name resolve order = host bcast
wins server = 10.0.0.104
client signing = Yes
server signing = Yes
client use spnego = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
os level = 10
preferred master = No
local master = No
domain master = No
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
# winbind separator = +
winbind cache time = 2
# winbind use default domain = Yes
comment = Redhat 7.1 Samba
hosts allow = 127., 10.0.0.
[homes]
comment = Home Directories
read only = No
browseable = No
[Software]
comment = Software Library
path = /mnt/largeprimary/software
# valid users = @MYNETWORK.ISP.CO.UK\"Domain Users"
# Admin users = @MYNETWORK.ISP.CO.UK\gavdav
[root@potato /root]# more /etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
wbinfo -u
[root@potato /root]# wbinfo -u
MYDOMAIN\gavdav
MYDOMAIN\Guest
MYDOMAIN\Administrator
MYDOMAIN\krbtgt
MYDOMAIN\SUPPORT_388945a0
MYDOMAIN\fbloggs
<snip>
wbinfo -g
[root@potato /root]# wbinfo -g
MYDOMAIN\Domain Computers
MYDOMAIN\Cert Publishers
MYDOMAIN\Domain Users
MYDOMAIN\Domain Guests
MYDOMAIN\RAS and IAS Servers
MYDOMAIN\Group Policy Creator Owners
MYDOMAIN\Schema Admins
MYDOMAIN\Enterprise Admins
MYDOMAIN\Domain Admins
MYDOMAIN\Domain Controllers
<snip>
[root@potato /root]# getent passwd
root:x:0:0:root:/root:/bin/bash
<snip>
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash
named:x:200:200:Nameserver:/var/named:/bin/false
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
[root@potato /root]# getent group
root:x:0:root
<snip>
nobody:x:99:
users:x:100:gavdav
<snip>
xfs:x:43:
gdm:x:42:
gavdav:x:500:
vcsa:x:69:
getent and setent are listing local users and groups.
What do I need to change in /etc/pam.d/login to fix it?
Where should I be looking for help?
Thanks very much
Gavin Davenport
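
An added illustration, not part of either e-mail: in Linux-PAM a module marked sufficient ends its stack with success as soon as it succeeds (provided no earlier required module has failed), so required lines listed after it, such as pam_nologin.so in the first /etc/pam.d/login above, are not run for those users. The Python sketch below lists such lines for both files quoted in the thread; the function names are hypothetical and only the simple control keywords are handled, not the bracketed [value=action] form.

```python
import os

# Constructed inputs: the two /etc/pam.d/login files quoted in this thread.
LUKE_LOGIN = """\
#%PAM-1.0
auth required pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so nodelay use_first_pass
auth sufficient /lib/security/pam_krb5.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_krb5.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
"""
GAVIN_LOGIN = """\
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
"""

def parse_pam(text):
    """Return (type, control, module) per rule; comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], os.path.basename(fields[2])))
    return rules

def skipped_after_sufficient(text):
    """Per 'sufficient' rule: later required/requisite modules of the same type."""
    rules, findings = parse_pam(text), []
    for i, (typ, ctl, mod) in enumerate(rules):
        later = [m for t, c, m in rules[i + 1:]
                 if t == typ and c in ("required", "requisite")]
        if ctl == "sufficient" and later:
            findings.append((typ, mod, later))
    return findings

for typ, mod, later in skipped_after_sufficient(LUKE_LOGIN):
    print(f"{typ}: success in {mod} skips {', '.join(later)}")
```

Moving checks that must always apply (pam_nologin.so here) above the first sufficient line makes them run for every user.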