ham,Re: [Samba] Samba Domain authentication and shares

Dale Schroeder dale at BriannasSaladDressing.com
Wed Feb 14 22:06:48 GMT 2007 

In Debian, it is in /etc/pam.d/login. Setup example is at the bottom of:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

The Redhat example is on the next page:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_2

Other versions should be similar.

Dale



Kevin Gutch wrote:
> These are great suggestions I am going to try. do you have a sample of
> your pam.conf or is it the pam_smb.conf? Not sure how it should be setup.
>
> Dale Schroeder wrote:
>   
>> Kevin,
>>
>> When I had getent issues, it turned out to be the "idmap backend"
>> parameter that got me.  I should have left it at the default, but didn't.
>> Is your pam login file set up for winbind?
>> Although it seems only vaguely related to your problem, there was an
>> issue about connecting _from_ a W2K3 system listed here: 
>> http://lists.samba.org/archive/samba/2007-January/128589.html .
>> I don't know is that is an issue for you or not.
>>
>> If none of these help you, you will need to post your smb.conf and
>> Samba version to let the real experts diagnose.  I comment on what
>> burned me. ;-)
>>
>> Good luck,
>>
>> Dale
>>
>> Kevin Gutch wrote:
>>     
>>> Dale,
>>>
>>> Thanks for the link. I have read it over and it seems that my error is
>>> probably in winbind. All of these command work.
>>> *
>>> net ads join -U Administrator*
>>> wbinfo -u
>>> wbinfo -g
>>> net ads info
>>>
>>> However, the "winbind getent passwd" indicates the passwords are still
>>> coming from the local machine. I can provide you with whatever files you
>>> would like to see.
>>> Below is my nsswitch.conf  file:
>>>
>>> Thanks in advance.
>>>
>>>
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Legal entries are:
>>> #
>>> #    nisplus or nis+        Use NIS+ (NIS version 3)
>>> #    nis or yp        Use NIS (NIS version 2), also called YP
>>> #    dns            Use DNS (Domain Name Service)
>>> #    files            Use the local files
>>> #    db            Use the local database (.db) files
>>> #    compat            Use NIS on compat mode
>>> #    hesiod            Use Hesiod for user lookups
>>> #    [NOTFOUND=return]    Stop searching if not found so far
>>> #
>>>
>>> # To use db, put the "db" in front of "files" for entries you want to be
>>> # looked up first in the databases
>>> #
>>> # Example:
>>> #passwd:    db files nisplus nis
>>> #shadow:    db files nisplus nis
>>> #group:     db files nisplus nis
>>>
>>> passwd:     compat winbind 
>>> shadow:     compat 
>>> group:      compat winbind 
>>>
>>> #hosts:     db files nisplus nis dns
>>> hosts:      files dns
>>>
>>> # Example - obey only what nisplus tells us...
>>> #services:   nisplus [NOTFOUND=return] files
>>> #networks:   nisplus [NOTFOUND=return] files
>>> #protocols:  nisplus [NOTFOUND=return] files
>>> #rpc:        nisplus [NOTFOUND=return] files
>>> #ethers:     nisplus [NOTFOUND=return] files
>>> #netmasks:   nisplus [NOTFOUND=return] files    
>>>
>>> bootparams: nisplus [NOTFOUND=return] files
>>>
>>> ethers:     files
>>> netmasks:   files
>>> networks:   files
>>> protocols:  files winbind
>>> rpc:        files
>>> services:   files winbind
>>>
>>> netgroup:   files winbind
>>>
>>> publickey:  nisplus
>>>
>>> automount:  files winbind
>>> aliases:    files nisplus
>>>
>>>
>>> --------------------------------------------------------------------------------------------------
>>>
>>> Dale Schroeder wrote:
>>>   
>>>       
>>>> Kevin,
>>>>
>>>> Without your Samba version and smb.conf, it is hard to diagnose what
>>>> the problem might be.
>>>> Since many use "security = ADS" and winbind to authenticate against a
>>>> W2K3 domain, see if these resources are of any help to you:
>>>>
>>>> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
>>>> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>>>>
>>>>
>>>> Dale
>>>>
>>>> Kevin Gutch wrote:
>>>>     
>>>>         
>>>>> Hello,
>>>>> Mime-Version: 1.0
>>>>> Content-Transfer-Encoding: 7bit
>>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>>
>>>>> I have been able to use Samba to join our Win2003 domain. I have also
>>>>> setup folders and permissions in the smb.conf file. I can browser to the
>>>>> Samba Shares 2 ways, thru network neighborhood and by UNC/ip address.
>>>>> Both of these methods prompt me for login which is not successful. I
>>>>> assumed that if I userA had permissions to a folder in the smb.conf file
>>>>> that Windows userA would e able to access wit no problems as long as he
>>>>> was logged onto the domain.
>>>>>
>>>>> Does anyone have any suggestions or troubleshooting tips?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Kevin
>>>>>   
>>>>>       
>>>>>           
>>>   
>>>       
>
>

More information about the samba mailing list