need winbind help


baz2
10-26-2002, 02:38 PM
Hope someone here can help. If not, maybe someone can point me to another forum somewhere.

I have a Redhat 8.0 server up and running Samba with security=domain. Works fine. Now I'm trying to configure winbind. I'm generally following the following instructions:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html#AEN2208

I have smbd and winbindd working together. I can do the "getent passwd" command and see all the winbind extensions to my passwd file for all the users on the domain. But I still cannot get a login, locally or remote.

I've made the following changes, based on the HOWTO:

The /etc/pam.d/login file can be changed nearly the same way. It now looks like this:

auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

--------------------

What else am I missing? I seem so close.

jumpedintothefire
10-26-2002, 04:20 PM
What are you trying to login to?? the console?? the domain?? need more info....

What are your winbindd settings in smb.conf??

I have this running, the only difference with mine is the order of the account statement.

ie:

account required /lib/security/pam_stack.so service=system-auth
account sufficient /lib/security/pam_winbind.so

baz2
10-26-2002, 11:04 PM
I've tried both a local (console) login, and a remote (ssh) login.

I'm at home now, this computer is at the school lab, and I will not get back to it until Tuesday. But as for the winbind settings, I copied them from the samba docs exactly:


# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
# might need to disable these next two for performance
# reasons on the winbindd host
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
----------------

Since getent shows the winbind user names as "DOMAIN+username" this is what I'm entering in the user name field of the logon dialog box. And the DOMAIN password for username, of course.

I'll look into the order of the account statements when I get the chance. But I followed the order in the Samba doc.

jumpedintothefire
10-26-2002, 11:33 PM
----quote---
"DOMAIN+username" this is what I'm entering in the user name field of the logon dialog box
--------

The domain is implied, the box is a member of "domain", try just the "username" and domain password combo.....

edit:

winbindd takes the username entered and adds on the domain before it contacts the pdc to check the domain password on the pdc....

baz2
10-26-2002, 11:35 PM
Okay, I'll try that. Thought I did, but I'll try it again.
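
Added example (not part of any post in this thread, and not code from Samba or Linux-PAM): a simplified Python model of how the "required" and "sufficient" control flags combine, applied to the two orderings of the account lines posted above. The per-module results passed in are assumptions chosen by the caller; whether pam_stack.so service=system-auth succeeds for a domain user depends on the machine.

```python
# Added example: a simplified model of Linux-PAM control flags, not libpam itself.
# Module results are inputs supplied by the caller (assumptions), not measured values.

HOWTO_ORDER = """\
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
"""
SWAPPED_ORDER = """\
account required /lib/security/pam_stack.so service=system-auth
account sufficient /lib/security/pam_winbind.so
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module)] for the lines of one type (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """Walk the stack; results maps module file name -> True (success) or False."""
    verdict = None                      # None: no module has decided anything yet
    for control, module in stack:
        ok = results[module]
        if control in ("required", "requisite"):
            if not ok:
                verdict = False         # a later success cannot override this
                if control == "requisite":
                    break               # requisite stops the stack at once
            elif verdict is None:
                verdict = True
        elif control == "sufficient":
            if ok and verdict is not False:
                return True             # success ends the stack early
        elif control == "optional":     # a failed sufficient/optional is ignored
            if ok and verdict is None:
                verdict = True
        else:
            raise ValueError("unsupported control flag: " + control)
    return verdict is True

def compare(results):
    """Evaluate both orderings from the thread under the same module results."""
    return {name: evaluate(parse_stack(text, "account"), results)
            for name, text in (("howto", HOWTO_ORDER), ("swapped", SWAPPED_ORDER))}

if __name__ == "__main__":
    # Constructed scenario: winbind accepts the account, system-auth does not.
    print(compare({"pam_winbind.so": True, "pam_stack.so": False}))
```

With pam_winbind.so listed first as sufficient, a successful winbind check returns before pam_stack.so runs, so whatever account restrictions system-auth enforces are not applied to that user. With the lines swapped, a system-auth failure denies the account even when winbind accepts it.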