Find the answer to your Linux question:
Results 1 to 5 of 5
I have a little lab setup consisting of 1 x samba server 1 x Windows 2003 domain controller 1 x XP pro client I have winbind configured on the samba ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Posts
    6

    samba login as domain user


    I have a little lab setup consisting of

    1 x samba server
    1 x Windows 2003 domain controller
    1 x XP pro client


    I have winbind configured on the samba server which is connected to the domain successfully and I can use all the winbind commands i.e. wbinfo and getent which return the correct outputs.

    The XP client is also connected to the domain and I would like to setup a share on the samba box and use the winbind users to assign ownership and permissions to the share.
    I can also use the chown command using domain users and this work fine.

    My problem at the moment is that I can't login to the samba sever as a domain users at the moment it just says login failed? i'm sure I should be able to do this what am I missing?

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    sounds like you need to configure pam for winbind
    lots of goodies here
    pam winbind - Google Search

  3. #3
    Just Joined!
    Join Date
    Apr 2009
    Posts
    6
    I think you maybe right, having a little trouble thinking of what config file I should play around with,

    /etc/pam.d/samba
    /etc/pam.d/login
    /etc/pam.d/system-auth (I read somewhere this is generated automatically so might leave that)

    and i'm also interested to know about /etc/pam_smb.conf if anyone knows it's use

    ?

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Sep 2008
    Posts
    8
    A cheeky way of doing this is by installing webmin, I was having trouble with users, webmin fixed it for me quickly. But before that You need to make sure that all pam files have been editted to allow it to work.

    on valid users you can add groups or users:

    valid users = steveo, @"support"

    valid users = MAIN+steveo

    These both work, but the second one is for one user only, it will not let you use more then one, if you post your config file I will av a quick peek for ya

  6. #5
    Just Joined!
    Join Date
    Apr 2009
    Posts
    6
    Code:
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
     default_realm = COMMSULT.ME
     ticket_lifetime = 24h
     forwardable = yes
    
    [realms]
     COMMSULT.ME = {
      kdc = commsult-dc.commsult.me:88
      default_domain = COMMSULT
     }
    
    #[domain_realm]
    # .example.com = EXAMPLE.COM
    # example.com = EXAMPLE.COM
    
    #[appdefaults]
    # pam = {
    #   debug = false
    #   ticket_lifetime = 36000
    #   renew_lifetime = 36000
    #   forwardable = true
    #   krb4_convert = false
    # }
    Code:
    passwd:     files winbind
    shadow:     files winbind
    group:      files winbind

    Code:
    security = ads
    	workgroup = COMMSULT
    	server string = Samba Server Version %v
    	netbios name = fedora
            server string = Samba Server Version %v
            realm = COMMSULT.ME
            password server = commsult-dc.commsult.me
            idmap uid = 1000 - 299999
    	idmap gid = 300000 - 600000
            winbind enum users = yes
            winbind enum groups = yes
            winbind separator = +
    	winbind use default domain = yes
    #	winbind refresh ticket = yes
    	winbind offline logon = yes
    	client use spnego = yes
            domain master = no
    	auth methods = winbind
    	wins server = 192.168.100.1
    
    [edward]
    	browseable = yes
    	writeable = yes
    	path = /home/humphreyse
    	vaild users = COMMSULT.ME+edward
    
    [public]
    	comment = Public Stuff
    	path = /home/public
    	public = yes
    	writable = yes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •