[Samba] Problem with Login Shell in User Information using Winbind
Philipoff, Andrew
aphilipoff at medicine.ucsf.edu
Thu Jun 5 02:36:10 GMT 2008
Edit your smb.conf and restart smbd:
Change:
template shell = /bin/false
To:
template shell = /bin/bash
Be careful in enabling this as it will potentially allow all domain users to log in with a shell. We add the following to /etc/pam.d/sshd to restrict ssh shell access to specific AD and local groups (substitute your AD or local group for group_name):
account sufficient pam_succeed_if.so user ingroup group_name
You'll need to restart sshd after editing /etc/pam.d/sshd. Note that you'll also need to add any local users/groups that need ssh access. I found how to do this here:
http://blogs.sun.com/tkblog/entry/integrating_linux_with_active_directory
http://linux.die.net/man/8/pam_succeed_if
You could also add AD users to a local group and use it in /etc/pam.d/sshd instead of an AD group.
Andrew Philipoff
Information Systems
Department of Medicine, UCSF
-----Original Message-----
From: samba-bounces+aphilipoff=medicine.ucsf.edu at lists.samba.org [mailto:samba-bounces+aphilipoff=medicine.ucsf.edu at lists.samba.org] On Behalf Of Aniket Bharaswadkar
Sent: Wednesday, June 04, 2008 4:32 PM
To: samba at lists.samba.org
Subject: [Samba] Problem with Login Shell in User Information using Winbind
Hi all
I am trying to get Windows AD logins to work with Fedora 8/9 Linux. I had
the same setup working well with Fedora 7, but with Fedora 8/9 the
problem is whenever I do "getent passwd 'username'" the login shell is
listed as /bin/false and users cannot log in, even though I have set it
to use template shell= /bin/bash in the smb.conf configuration file.
Also I have made the necessary changes to krb.conf, krb.realms and
krb5.conf files for Kerberos configuration and obtained the tickets
using "kinit". "klist" shows that I have the tickets.
I have enabled pam_mkhomedir.so, so if I try my Windows AD login by
doing "su username", it shows messages about creating home directory,
and gets me back to my local user prompt, due to no login shell. Also,
if I input the wrong password, it says wrong password. So
authentication seems to be working fine. For more info, here is the output of
getent:
admin:*:16777216:16777216:admin:/home/ASURITE/admin:/bin/false
I am running Samba 3.2.0-rc1, the version which shipped with Fedora 9.
Please advise me how to set the login shells as /bin/bash, as currently
no domain users can log in to my server.
Aniket
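An added example, not part of the original thread and not Samba code: an offline audit of the two settings discussed above. It reads a saved copy of `getent passwd` output and a copy of /etc/pam.d/sshd, lists winbind accounts that ended up with a login shell, and checks that the sshd account stack has a pam_succeed_if "ingroup" rule. The function names, the UID threshold (taken from the getent line in the thread) and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Offline audit: which winbind accounts received a login shell, and does
# the sshd PAM account stack carry a pam_succeed_if "ingroup" rule?

# Assumption: winbind-mapped UIDs start here (value seen in the getent
# line quoted in the thread); set DOMAIN_UID_MIN to match your idmap range.
DOMAIN_UID_MIN=${DOMAIN_UID_MIN:-16777216}

# $1 = passwd-format file (e.g. saved `getent passwd` output).
# Prints domain accounts whose shell permits an interactive login.
domain_shell_users() {
    awk -F: -v min="$DOMAIN_UID_MIN" \
        '$3 + 0 >= min && $7 !~ /\/(false|nologin)$/ { print $1 }' "$1"
}

# $1 = copy of /etc/pam.d/sshd. Prints "control group" for every active
# (uncommented) account rule; handles simple one-word control flags only.
pam_ingroup_rules() {
    awk '$1 == "account" && $3 ~ /pam_succeed_if\.so$/ {
            for (i = 4; i + 2 <= NF; i++)
                if ($i == "user" && $(i + 1) == "ingroup") print $2, $(i + 2)
        }' "$1"
}

# Returns 1 when shell-enabled domain accounts exist but sshd has no rule.
audit_ssh_gate() {
    users=$(domain_shell_users "$1")
    rules=$(pam_ingroup_rules "$2")
    if [ -z "$users" ]; then
        echo "OK: no domain account has a login shell"
    elif [ -z "$rules" ]; then
        echo "FAIL: no ingroup rule; shell-enabled domain accounts:" $users
        return 1
    else
        # "sufficient" only short-circuits on success: non-members fall
        # through, so the account lines after the rule still matter.
        echo "OK: ingroup rule(s) present:" $rules
    fi
}

# Constructed sample data (not real accounts), then one audit run.
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:*:16777217:16777216:alice:/home/EXAMPLE/alice:/bin/bash' \
    'svc:*:16777218:16777216:svc:/home/EXAMPLE/svc:/bin/false' > "$tmp/passwd"
printf '%s\n' '#account sufficient pam_succeed_if.so user ingroup old' \
    'account sufficient pam_succeed_if.so user ingroup group_name' > "$tmp/sshd"
audit_ssh_gate "$tmp/passwd" "$tmp/sshd"
rm -rf "$tmp"
```

To audit a live host, save `getent passwd` output and a copy of /etc/pam.d/sshd to files and pass them to `audit_ssh_gate` in that order.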