[Samba] Samba Winbind and NT PDC

vipul sharma vipulsharma at linuxmail.org
Mon Sep 6 10:56:42 GMT 2004


I am trying to get my Linux box to authenticate against an NT PDC.
I am using Samba 2.2.11.
The Linux box joins the PDC with the smbpasswd -j domain -r pdc -U admin command, but
it is still not being authenticated by the PDC.

Has anyone tried this, and does anyone have some info/docs on it?
This is my system-auth file:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# NOTE(review): that also applies to the hand-added pam_winbind line below, and
# only the auth stack is shown in this excerpt (no account/password/session).
# Loads environment variable settings for the session.
auth        required      /lib/security/pam_env.so
# Domain logins: a success here ends the auth stack, so the modules below are
# reached only when winbind rejects or does not know the user.
auth        sufficient    /lib/security/pam_winbind.so
# Local fallback. use_first_pass reuses the password already typed for
# pam_winbind instead of prompting again. nullok accepts local accounts whose
# password field is empty; drop it unless that is really intended.
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
# Default deny: reached only when neither module above accepted the user.
auth        required      /lib/security/pam_deny.so

my login file
# PAM evaluates each stack (auth, account, password, session) top to bottom,
# so the order of the lines below is part of the policy.
# Refuses root logins on terminals not listed in /etc/securetty.
auth       required     /lib/security/pam_securetty.so
# NOTE(review): the next two lines repeat what the stacked system-auth already
# does. Because they are "sufficient", a success here ends the auth stack at
# once and the pam_nologin line further down is never evaluated, so
# /etc/nologin does not keep these users out. pam_winbind is given no
# use_first_pass here or in system-auth, so a rejected domain password may be
# prompted for a second time -- TODO confirm on this Samba version.
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
# NOTE(review): the account lines of system-auth are not shown in the post. If
# they reject users that exist only in the domain, this required line fails the
# whole account stack for them -- verify against the full system-auth.
account    required     /lib/security/pam_stack.so service=system-auth
# A "sufficient" module placed after a "required" one cannot undo that
# module's failure, so in this position the line has little effect.
account    sufficient   /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
# NOTE(review): nothing in this file creates a home directory for a domain
# user's first console login; pam_mkhomedir appears only in the samba service.
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

my nsswitch.conf
# Local files are consulted first, then winbindd for domain users and groups.
# NOTE(review): with "winbind use default domain = yes" in the smb.conf below,
# domain names appear without the DOMAIN+ prefix, so a local account with the
# same name as a domain account is the one that gets resolved.
passwd:     files winbind
# NOTE(review): winbind supplies passwd and group entries only and has no
# shadow map, so the winbind source on this line has nothing to answer;
# password checks for domain users go through pam_winbind instead.
shadow:     files winbind
group:      files winbind

my /etc/pam.d/samba
# PAM service used by smbd.
# NOTE(review): per the smb.conf documentation, Samba ignores PAM for
# authentication when "encrypt passwords = yes" (set in the extract below), and
# uses the account and session stacks only when "obey pam restrictions = yes";
# that parameter is not in the posted extract, so this file may not be
# consulted for logins at all -- confirm.
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
# NOTE(review): system-auth already tries pam_winbind as "sufficient". Listing
# it again as "required", here and in the account stack, means an account that
# exists only locally can never pass this service.
auth       required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
account    required     pam_stack.so service=system-auth
# Creates a missing home directory from /etc/samba/skel on first session.
# umask=0022 leaves the new directory readable by every other local and domain
# user; a tighter value such as 0077 keeps it private.
session    required     /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

and my smb.conf extracts

 # NOTE(review): the next line looks like the stock sample comment with its
 # leading "#" lost. As posted it is an assignment, and the line after it sets
 # workgroup again; run testparm to see which value is actually in effect.
 workgroup = NT-Domain-Name or Workgroup-Name
# NOTE(review): with "security = domain" this must be the NT domain the machine
# was joined to with smbpasswd -j. WORKGROUP, MACHINE_NAME and "PDC BDC" below
# look like placeholders for the real values -- confirm they match the join.
   workgroup = WORKGROUP

# Netbios name
   netbios name = MACHINE_NAME

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
# NOTE(review): 10 Kb keeps very little history; failed-logon records needed to
# diagnose the authentication problem are overwritten quickly at this size.
   max log size = 10

# logging level 0 thru 3, none to most
# NOTE(review): level 1 records little about why a domain logon was refused;
# raising it temporarily gives more detail while troubleshooting.
   log level = 1

# Security mode. Most people will want user level security. See
# security_level.txt for details.
# Domain mode: password checks are passed to the domain controllers, using the
# machine account created by the domain join.
   security = domain

# Use password server option only with security = server
# NOTE(review): the line above is the stock sample wording; the option is also
# used with "security = domain", as configured here.
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
   password server = PDC BDC

# Winbind config. My additions.
# NOTE(review): the uid/gid ranges must not overlap ids already used by local
# accounts, or a domain user can end up sharing a local user's file ownership.
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 15
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%U
   template shell = /bin/bash
   # this is the key, otherwise Exim sees Domain+Username and fails
   # NOTE(review): this also drops the DOMAIN+ prefix everywhere else, so a
   # domain account and a local account with the same name become
   # indistinguishable by name.
   winbind use default domain = yes

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
# NOTE(review): with unix password sync enabled, smbd runs the passwd program
# as root, with %u replaced by the user name. Whether password sync is wanted
# at all when accounts live on the PDC is worth confirming.
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

   pam password change = yes

Looking forward to a response :)

