[Samba] Winbind and email server]
Paul Matthews
paul.matthews at cathedral.qld.edu.au
Sat Apr 1 02:39:24 GMT 2006
okay, im far from a pam expert, but i don't see any mention of winbind there?
It's my weekend at the moment so i can't get to my test box at work to
show you my pam module using winbind, but maybe you should check out this
page on my website, it's using ldap try and use this and replace any
mention of ldap with winbind
http://www.yourhowto.org/content/view/35/9/
or
i have a how-to for authenticating against Active directories using LDAP
http://www.yourhowto.org/content/view/34/9/
check it out, i'm sure that that wont need a local users as well, i'll be
back at work on monday and can probably help you more, but give those two
a go, see if anything comes from them
> OK, here's the samba module:
>
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
> session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
>
> and here's system-auth:
>
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run. auth
required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
typepassword required /usr/lib/security/pam_sso.so.1
> password sufficient /lib/security/$ISA/pam_unix.so nullok
> use_authtok
> md5 shadow
> #password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
>
> If you need more, please let me know.
>
> Dimitri
>
>
> On Thursday March 30 2006 5:45 pm, Paul Matthews wrote:
>> how about you post your pam module here, you might have it configured
to require both local and winbind users instead of either or
>>
>> Paul Matthews
>> I.T Trainee | The Cathedral School
>> Ph (07) 47222 194 | Fax (07) 47222 111
>> PO Box 944 Aitkenvale Q 4814
>> E: paul.matthews at cathedral.qld.edu.au
>> W: www.cathedral.qld.edu.au
>>
>> Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success
>>
>> ***************************************************************************
>>*
>> ***************************************************************************
>>* ***********************************
>>
>> IMPORTANT NOTICE REGARDING CONFIDENTIALITY
>>
>> This electronic email message is intended only for the addressee and
may contain confidential information. If you are not the addressee, you
are notified that any transmission, distribution or photocopying of
this email
>> is strictly prohibited. The confidentiality attached to this email is not
>> waived, lost or destroyed by reasons of a mistaken delivery to you.
>>
>> -----Original Message-----
>> From: Dimitri Yioulos [mailto:dyioulos at firstbhph.com]
>> Sent: Friday, 31 March 2006 8:33 AM
>> To: Paul Matthews
>> Subject: Re: [Samba] Winbind and email server
>>
>>
>> top-posting by necessity ...
>>
>> Hi, Paul.
>>
>> Alas, my nsswitch.conf is properly configured. Any other ideas?
>>
>> Dimitri
>>
>> On Thursday March 30 2006 5:12 pm, you wrote:
>> > well the problem i think your having is that you have not edited the
/etc/nsswitch.conf file.
>> >
>> > change from
>> >
>> > passwd: files
>> > shadow: files
>> > group: files
>> >
>> > to:
>> >
>> > passwd: winbind files
>> > shadow: winbind files
>> > group: winbind files
>> >
>> > or something along those lines, play with the /etc/nsswitch.conf to
>> find
>> > the right configuration for you.
>> >
>> > check out the post i've made on my website about how we use have setup
>> my
>> > mail system, i think i've done it fairly well
>> >
>> > http://www.yourhowto.org/content/view/25/9/
>> >
>> > Paul Matthews
>> > I.T Trainee | The Cathedral School
>> > Ph (07) 47222 194 | Fax (07) 47222 111
>> > PO Box 944 Aitkenvale Q 4814
>> > E: paul.matthews at cathedral.qld.edu.au
>> > W: www.cathedral.qld.edu.au
>> >
>> > Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success
>>
>> ***************************************************************************
>>
>> >*
>>
>> ***************************************************************************
>>
>> >* ***********************************
>> >
>> > IMPORTANT NOTICE REGARDING CONFIDENTIALITY
>> >
>> > This electronic email message is intended only for the addressee and
>> may
>> > contain confidential information. If you are not the addressee, you
>> are
>> > notified that any transmission, distribution or photocopying of this
email is strictly prohibited. The confidentiality attached to this
>> email
>> > is not waived, lost or destroyed by reasons of a mistaken delivery to
you.
>> >
>> > -----Original Message-----
>> > From:
samba-bounces+paul.matthews=cathedral.qld.edu.au at lists.samba.org
[mailto:samba-bounces+paul.matthews=cathedral.qld.edu.au at lists.samba.org
]On Behalf Of Dimitri Yioulos
>> > Sent: Friday, 31 March 2006 1:53 AM
>> > To: samba at lists.samba.org
>> > Subject: [Samba] Winbind and email server
>> >
>> >
>> > Folks,
>> >
>> > Sincere apologies for asking this again, but I'm just not getting this
>> to
>> > work, and must be missing something here:
>> >
>> > My company's network is based around a Windows 2003 server AD, with
>>
>> several
>>
>> > RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme
>> works
>> > very well. I've set up, and have successfully been using a
>> > sendmail-based email system, too.
>> >
>> > My issue is this: When I create a user account in AD, I have to also
create it in the mail server. This is inconvenient and inefficient.
>> >
>> > I have samba installed on the mail server. I also have the mkhomedir
>>
>> module
>>
>> > installed, and the appropriate line to invoke it is in the samba,
pop, and smtp.sendmail config files under /etc/pam.d. My users are
using
>> the
>> > Outlook 2003 mail client. If I create a user in the email server,
>> then
>> > Outlook has no problem connecting to the mail server using the user's
credentials from the email server. But, if the user is only created
>> in
>>
>> AD,
>>
>> > then Outlook complains that the incoming pop server won't
authenticate the user, despite the fact that winbind is fired up,
wbinfo -u shows
>> the
>> > user, and getent passwd shows the user's credentials. Arrrgh! IMHO,
this is
>>
>> the
>>
>> > one small thing that keeps this from being a really great system.
>> >
>> > Can anybody show me the way to get over the hump?
>> >
>> > Many thanks.
>> >
>> > Dimitri
>> >
>> > --
>> > This message has been scanned for viruses and
>> > dangerous content by MailScanner, and is
>> > believed to be clean.
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
--
Paul Matthews
I.T Trainee | The Cathedral School
Ph (07) 47222 194 | Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E: paul.matthews at cathedral.qld.edu.au
W: www.cathedral.qld.edu.au
Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success
****************************************************************************
****************************************************************************
***********************************
IMPORTANT NOTICE REGARDING CONFIDENTIALITY
This electronic email message is intended only for the addressee and may
contain confidential information. If you are not the addressee, you are
notified that any transmission, distribution or photocopying of this email
is strictly prohibited. The confidentiality attached to this email is not
waived, lost or destroyed by reasons of a mistaken delivery to you.
--
Paul Matthews
I.T Trainee | The Cathedral School
Ph (07) 47222 194 | Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E: paul.matthews at cathedral.qld.edu.au
W: www.cathedral.qld.edu.au
Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success
****************************************************************************
****************************************************************************
***********************************
IMPORTANT NOTICE REGARDING CONFIDENTIALITY
This electronic email message is intended only for the addressee and may
contain confidential information. If you are not the addressee, you are
notified that any transmission, distribution or photocopying of this email
is strictly prohibited. The confidentiality attached to this email is not
waived, lost or destroyed by reasons of a mistaken delivery to you.
More information about the samba
mailing list