[Samba] Samba Winbind and NT PDC

vipul sharma vipulsharma at linuxmail.org
Mon Sep 6 10:56:42 GMT 2004 

Hi

I am trying to get my linux box authenticate from an NT PDC.
I am using samba 2.2.11.
The linux box joins the pdc by the smbpasswd -j domain -r pdc -U admin command but
it is not getting authenticated by the PDC .

has anyone tried this and have some info/doc on this ..
this is my system-auth file
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so


my login file
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
account    sufficient   /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


my nsswitch.conf
passwd:     files winbind
shadow:     files winbind
group:      files winbind

my /etc/pam.d/samba
#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
account    required     pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth


and my smb.conf extracts

 workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = WORKGROUP

# Netbios name
   netbios name = MACHINE_NAME

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 10

# logging level 0 thru 3, none to most
   log level = 1

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
   password server = PDC BDC

# Winbind config. My additions.
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 15
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%U
   template shell = /bin/bash
   # this is the key, otherwise Exim sees Domain+Username and fails
   winbind use default domain = yes

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

   pam password change = yes



Looking forward for a response :)

regards
Vipul



-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org 
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze

More information about the samba mailing list