Re: [K12OSN] galeon--winbind/gdm authentication
- From: Chuck Sullivan <chuck cdbird net>
- To: k12osn redhat com
- Subject: Re: [K12OSN] galeon--winbind/gdm authentication
- Date: Sun Apr 6 22:23:03 2003
These are the conf files I created to get winbind to work...
/etc/samba/smb.conf
# Global parameters
[global]
log file = /var/log/samba/%m.log
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
obey pam restrictions = Yes
wins server = ipAddress of winserver
encrypt passwords = yes
winbind uid = 10000-20000
passwd program = /usr/bin/passwd %u
template shell = /bin/bash
dns proxy = No
printing = cups
server string = Linux TermServer
password server = *
winbind gid = 10000-20000
unix password sync = yes
local master = No
template homedir = /u/%D/%U
workgroup = your domainName
security = DOMAIN
create mode = 700
winbind separator = +
max log size = 0
pam password change = Yes
directory mode = 700
[homes]
comment = Home Directories
valid users = %D+%S
read only = No
create mask = 0664
directory mask = 0775
browseable = No
This will share the user's home folder on the terminal server. If you
don't want to put the user folders on the termserv, comment out the
[homes] share.
********************************************************
/etc/nsswitch.conf add this
passwd: files winbind nisplus
shadow: files winbind nisplus
group: files winbind nisplus
*********************************************************
In /etc/pam.d
system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
************************************************************
login
#New
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
********************************************************************
gdm
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
***********************************************************************
other
#%PAM-1.0
auth required /lib/security/pam_deny.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_deny.so
***********************************************************************
samba
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
account required pam_stack.so service=system-auth
session required /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
**********************************************************************
Make sure that samba and winbind are off while editing these files. Add
whatever lines to the pam.d files to make them look like these. Delete
the file in /etc/samba called secrets.tdb. After adding, start samba
and winbind. I found that restarting the server helped getting PAM to
work after editing the files. After the reboot...
Add your server to the win2k domain...
smbpasswd -j DOMAIN -r PDC -U administrator
Test your configuration.
wbinfo -u will show you all domain users
wbinfo -g will show you all domain groups
getent passwd will show you the updated password file.
Note: in the smb.conf file you have to specify the winbind separator. I
used a +, that way it does not get confused with \ from windows and /
from unix. You must use this format to log into the termserv clients.
DOMAIN+windowsUsername
The domain must be in caps, and you must include the + sign.
**Note: be very careful when editing the PAM files, if you mess them up
you may not be able to log into the terminal server.
Hope this helps
Chuck Sullivan
CDBird.Net
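
How the posted system-auth and gdm "auth" stacks resolve for a domain user, a local user and a bad password, as an added example that is not part of the original post. It is a simplified model of PAM's control flags and of pam_stack delegation; the per-module results and the scenario names are constructed inputs, not real PAM calls.

```python
import re

# Constructed copies of the "auth" lines of system-auth and gdm from the post.
SERVICES = {
    "system-auth": """
auth required   /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required   /lib/security/pam_deny.so
""",
    "gdm": """
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
""",
}

def parse(text, kind="auth"):
    """Yield (control, module, args) for each line of the requested type."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == kind:
            module = re.sub(r"\.so$", "", fields[2].rsplit("/", 1)[-1])
            yield fields[1], module, fields[3:]

def evaluate(service, results, kind="auth"):
    """Simplified model of the required/requisite/sufficient/optional flags.
    results maps module name -> True/False: what each module would return for
    one login attempt (constructed input, not real PAM calls)."""
    failed = succeeded = False
    for control, module, args in parse(SERVICES[service], kind):
        if module == "pam_stack":  # run the named service's stack in place
            target = dict(a.split("=", 1) for a in args if "=" in a)["service"]
            ok = evaluate(target, results, kind)
        else:
            ok = results[module]
        if control == "sufficient":
            if ok and not failed:
                return True  # success ends the stack; later modules never run
        elif control in ("required", "requisite"):
            if control == "requisite" and not ok:
                return False
            failed, succeeded = failed or not ok, succeeded or ok
        # a failed "sufficient" and any "optional" result do not change the outcome
    return succeeded and not failed

BASE = {"pam_env": True, "pam_deny": False, "pam_nologin": True}
DOMAIN_USER = dict(BASE, pam_winbind=True, pam_unix=False)
LOCAL_USER = dict(BASE, pam_winbind=False, pam_unix=True)
BAD_PASSWORD = dict(BASE, pam_winbind=False, pam_unix=False)
```

In this model the trailing required pam_deny.so line is what turns "neither winbind nor pam_unix accepted the password" into a failure, and gdm inherits that result through pam_stack.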
On Fri, 2003-02-28 at 12:38, cliebow downeast net wrote:
> On Fri, 28 Feb 2003, you wrote:
> David: I went to galeon after a little time with phoenix. It's gracious with
> citrix and has never gone crackerdog on me. Any thoughts on authentication?
> I've been beating my head against the wall trying to authenticate to W2000.
> At this point I believe winbind does authenticate but I get a gdm-binary
> authentication error. I played with /etc/pam.d/gdm but the defaults all point to
> system auth. Can't see why? I know I'd just as soon go all linux but this is
> what I got for now. Chuck