ham,Re: [Samba] Samba Domain authentication and shares
Dale Schroeder
dale at BriannasSaladDressing.com
Wed Feb 14 22:06:48 GMT 2007
In Debian, it is in /etc/pam.d/login. Setup example is at the bottom of:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
The Redhat example is on the next page:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_2
Other versions should be similar.
Dale
Kevin Gutch wrote:
> These are great suggestions I am going to try. do you have a sample of
> your pam.conf or is it the pam_smb.conf? Not sure how it should be setup.
>
> Dale Schroeder wrote:
>
>> Kevin,
>>
>> When I had getent issues, it turned out to be the "idmap backend"
>> parameter that got me. I should have left it at the default, but didn't.
>> Is your pam login file set up for winbind?
>> Although it seems only vaguely related to your problem, there was an
>> issue about connecting _from_ a W2K3 system listed here:
>> http://lists.samba.org/archive/samba/2007-January/128589.html .
>> I don't know is that is an issue for you or not.
>>
>> If none of these help you, you will need to post your smb.conf and
>> Samba version to let the real experts diagnose. I comment on what
>> burned me. ;-)
>>
>> Good luck,
>>
>> Dale
>>
>> Kevin Gutch wrote:
>>
>>> Dale,
>>>
>>> Thanks for the link. I have read it over and it seems that my error is
>>> probably in winbind. All of these command work.
>>> *
>>> net ads join -U Administrator*
>>> wbinfo -u
>>> wbinfo -g
>>> net ads info
>>>
>>> However, the "winbind getent passwd" indicates the passwords are still
>>> coming from the local machine. I can provide you with whatever files you
>>> would like to see.
>>> Below is my nsswitch.conf file:
>>>
>>> Thanks in advance.
>>>
>>>
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Legal entries are:
>>> #
>>> # nisplus or nis+ Use NIS+ (NIS version 3)
>>> # nis or yp Use NIS (NIS version 2), also called YP
>>> # dns Use DNS (Domain Name Service)
>>> # files Use the local files
>>> # db Use the local database (.db) files
>>> # compat Use NIS on compat mode
>>> # hesiod Use Hesiod for user lookups
>>> # [NOTFOUND=return] Stop searching if not found so far
>>> #
>>>
>>> # To use db, put the "db" in front of "files" for entries you want to be
>>> # looked up first in the databases
>>> #
>>> # Example:
>>> #passwd: db files nisplus nis
>>> #shadow: db files nisplus nis
>>> #group: db files nisplus nis
>>>
>>> passwd: compat winbind
>>> shadow: compat
>>> group: compat winbind
>>>
>>> #hosts: db files nisplus nis dns
>>> hosts: files dns
>>>
>>> # Example - obey only what nisplus tells us...
>>> #services: nisplus [NOTFOUND=return] files
>>> #networks: nisplus [NOTFOUND=return] files
>>> #protocols: nisplus [NOTFOUND=return] files
>>> #rpc: nisplus [NOTFOUND=return] files
>>> #ethers: nisplus [NOTFOUND=return] files
>>> #netmasks: nisplus [NOTFOUND=return] files
>>>
>>> bootparams: nisplus [NOTFOUND=return] files
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files winbind
>>> rpc: files
>>> services: files winbind
>>>
>>> netgroup: files winbind
>>>
>>> publickey: nisplus
>>>
>>> automount: files winbind
>>> aliases: files nisplus
>>>
>>>
>>> --------------------------------------------------------------------------------------------------
>>>
>>> Dale Schroeder wrote:
>>>
>>>
>>>> Kevin,
>>>>
>>>> Without your Samba version and smb.conf, it is hard to diagnose what
>>>> the problem might be.
>>>> Since many use "security = ADS" and winbind to authenticate against a
>>>> W2K3 domain, see if these resources are of any help to you:
>>>>
>>>> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
>>>> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>>>>
>>>>
>>>> Dale
>>>>
>>>> Kevin Gutch wrote:
>>>>
>>>>
>>>>> Hello,
>>>>> Mime-Version: 1.0
>>>>> Content-Transfer-Encoding: 7bit
>>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>>
>>>>> I have been able to use Samba to join our Win2003 domain. I have also
>>>>> setup folders and permissions in the smb.conf file. I can browser to the
>>>>> Samba Shares 2 ways, thru network neighborhood and by UNC/ip address.
>>>>> Both of these methods prompt me for login which is not successful. I
>>>>> assumed that if I userA had permissions to a folder in the smb.conf file
>>>>> that Windows userA would e able to access wit no problems as long as he
>>>>> was logged onto the domain.
>>>>>
>>>>> Does anyone have any suggestions or troubleshooting tips?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Kevin
>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
More information about the samba
mailing list