[Samba] [Fwd: Winbind under 3.0

Andrew Bartlett abartlet at samba.org
Tue Sep 30 14:00:25 GMT 2003


On Tue, 2003-09-30 at 05:34, Ron Garcia-Vidal wrote:
> Jelmer Vernooij wrote:
> 
> >>So under 2.8 this was happening, until I realized I hadn't installed
> >>libpam-smbpass.  Once I did this, access was granted.  After I upgraded
> >>I checked that all relevant packages were at 3.0beta2 and they were,
> >>including libpam-smbpass.  So am I missing another library?  Am I
> >>missing something in my smb.conf file?  Here's the output of testparm:
> >>    
> >>
> >libpam-smbpass is not required to make samba work correctly. It is of
> >absolutely no use when you put it inside /etc/pam.d/samba.
> >
> Well, under 2.8 it didn't work until I installed that library. Maybe a 
> quirk with my setup.  No biggie, your statement is certainly true for 3.0.
> 
> >>~        obey pam restrictions = Yes
> >>    
> >>
> >^^ obey pam restrictions is only useful if you have 'encrypt passwords =
> >no'

This is incorrect.  'obey pam restrictions' is about using pam's account
and session management code, despite using encrypted passwords.

> >
> I was using obey pam restrictions because I had the line:
> 
> session         required        pam_mkhomedir.so skel=/etc/skel umask=0022

What was the rest of this file? 

> in pam.d/samba, in order to autocreate home directories when users 
> accessed via smb.  Setting "obey pam restrictions" to no (or commenting 
> it out) fixed the access problem I was having (Thanks very much!) but 
> now home directories aren't being autocreated.  This is minor and will 
> probably only result in mild annoyance on the part of my users, but if 
> anyone knows of a way I can have my cake and eat it too, please do tell!

Check what you have for the 'account' line - make sure it's valid by
checking what you have for SSH etc.  Otherwise, this looks like a pretty
normal setup.

Andrew Bartlett

> -- 
> -Ron
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> God's got a heaven for coutnry trash -- Johnny Cash
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030930/ee1d10d7/attachment.bin


More information about the samba mailing list