[Samba] solaris9+winbind+getent
return of foo
rumblesnort at gmail.com
Tue Jan 8 14:53:09 GMT 2008
I've searched the mailing list archives and google and seen quite a bit of
this with no solutions. Was hoping to reach out here and find someone who
has this working.
1. Solaris 9 (sparc)
2. Samba 3.0.28
3. ADS enabled, trying to integrate with a Win2k AD setup
wbinfo works great. I can pull all the groups/users just fine. I've read
where we need to kill the nscd daemon, done and no difference. Does anyone
have all this working on Solaris 9? I had to download/compile latest
kerberos (MIT), openldap, etc, and we have everything working great on our
linux machines. 'getent group' comes up with just the local groups.
pam.conf:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth optional /usr/lib/security/pam_winbind.so
try_first_pass
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
rlogin auth optional /usr/lib/security/pam_winbind.so
try_first_pass
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
other auth optional /usr/lib/security/pam_winbind.so
try_first_pass
passwd auth required pam_passwd_auth.so.1
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account required pam_unix_account.so.1
other account sufficient /usr/lib/security/pam_winbind.so
other session required pam_unix_session.so.1
other session sufficient /usr/lib/security/pam_winbind.so
try_first_pass
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
-----
/etc/nsswitch.conf:
passwd: files winbind
group: files winbind
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns wins
ipnodes: files wins
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: files dns
networks: files winbind
protocols: files winbind
rpc: files winbind
ethers: files
netmasks: files winbind
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files winbind
automount: files windbind
aliases: files
services: files
sendmailvars: files
printers: user files
auth_attr: files
prof_attr: files
project: files
------
Thanks in advance..
More information about the samba
mailing list