[Samba] Winbind and email server

Dimitri Yioulos dyioulos at firstbhph.com
Fri Mar 31 13:08:04 GMT 2006 

OK, here's the samba module:

#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

and here's system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    required      /usr/lib/security/pam_sso.so.1
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok 
md5 shadow
#password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

If you need more, please let me know.

Dimitri


On Thursday March 30 2006 5:45 pm, Paul Matthews wrote:
> how about you post your pam module here, you might have it configured to
> require both local and winbind users instead of either or
>
> Paul Matthews
> I.T Trainee | The Cathedral School
> Ph  (07) 47222 194 |  Fax (07) 47222 111
> PO Box 944 Aitkenvale Q 4814
> E:  paul.matthews at cathedral.qld.edu.au
> W: www.cathedral.qld.edu.au
>
> Anglican coeducation | Day and Boarding | Early Childhood to Year 12
> Educating for life-long success
>
> ***************************************************************************
>*
> ***************************************************************************
>* ***********************************
>
> IMPORTANT NOTICE REGARDING CONFIDENTIALITY
>
> This electronic email message is intended only for the addressee and may
> contain confidential information. If you are not the addressee, you are
> notified that any transmission, distribution or photocopying of this email
> is strictly prohibited. The confidentiality attached to this email is not
> waived, lost or destroyed by reasons of a mistaken delivery to you.
>
> -----Original Message-----
> From: Dimitri Yioulos [mailto:dyioulos at firstbhph.com]
> Sent: Friday, 31 March 2006 8:33 AM
> To: Paul Matthews
> Subject: Re: [Samba] Winbind and email server
>
>
> top-posting by necessity ...
>
> Hi, Paul.
>
> Alas, my nsswitch.conf is properly configured.  Any other ideas?
>
> Dimitri
>
> On Thursday March 30 2006 5:12 pm, you wrote:
> > well the problem i think your having is that you have not edited the
> > /etc/nsswitch.conf file.
> >
> > change from
> >
> > passwd:     files
> > shadow:     files
> > group:       files
> >
> > to:
> >
> > passwd:     winbind files
> > shadow:     winbind files
> > group:      winbind files
> >
> > or something along those lines, play with the /etc/nsswitch.conf to find
> > the right configuration for you.
> >
> > check out the post i've made on my website about how we use have setup my
> > mail system, i think i've done it fairly well
> >
> > http://www.yourhowto.org/content/view/25/9/
> >
> > Paul Matthews
> > I.T Trainee | The Cathedral School
> > Ph  (07) 47222 194 |  Fax (07) 47222 111
> > PO Box 944 Aitkenvale Q 4814
> > E:  paul.matthews at cathedral.qld.edu.au
> > W: www.cathedral.qld.edu.au
> >
> > Anglican coeducation | Day and Boarding | Early Childhood to Year 12
> > Educating for life-long success
>
> ***************************************************************************
>
> >*
>
> ***************************************************************************
>
> >* ***********************************
> >
> > IMPORTANT NOTICE REGARDING CONFIDENTIALITY
> >
> > This electronic email message is intended only for the addressee and may
> > contain confidential information. If you are not the addressee, you are
> > notified that any transmission, distribution or photocopying of this
> > email is strictly prohibited. The confidentiality attached to this email
> > is not waived, lost or destroyed by reasons of a mistaken delivery to
> > you.
> >
> > -----Original Message-----
> > From: samba-bounces+paul.matthews=cathedral.qld.edu.au at lists.samba.org
> > [mailto:samba-bounces+paul.matthews=cathedral.qld.edu.au at lists.samba.org
> > ]On Behalf Of Dimitri Yioulos
> > Sent: Friday, 31 March 2006 1:53 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Winbind and email server
> >
> >
> > Folks,
> >
> > Sincere apologies for asking this again, but I'm just not getting this to
> > work, and must be missing something here:
> >
> > My company's network is based around a Windows 2003 server AD, with
>
> several
>
> > RHEL AS 3 boxes connected to it via samba (3.0.21c-1).  This scheme works
> > very well.  I've set up, and have successfully been using a
> > sendmail-based email system, too.
> >
> > My issue is this:  When I create a user account in AD, I have to also
> > create it in the mail server.  This is inconvenient and inefficient.
> >
> > I have samba installed on the mail server. I also have the mkhomedir
>
> module
>
> > installed, and the appropriate line to invoke it is in the samba, pop,
> > and smtp.sendmail config files under /etc/pam.d.  My users are using the
> > Outlook 2003 mail client.  If I create a user in the email server, then
> > Outlook has no problem connecting to the mail server using the user's
> > credentials from the email server.  But, if the user is only created in
>
> AD,
>
> > then Outlook complains that the incoming pop server won't authenticate
> > the user, despite the fact that winbind is fired up, wbinfo -u shows the
> > user, and getent passwd shows the user's credentials.  Arrrgh!  IMHO,
> > this is
>
> the
>
> > one small thing that keeps this from being a really great system.
> >
> > Can anybody show me the way to get over the hump?
> >
> > Many thanks.
> >
> > Dimitri
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list