Samba - how to put into domain and authenticate (once again)
Grosswiler Roger
roger at gwch.net
Thu Dec 11 08:25:01 UTC 2003
hi nalin,
unfortunately not @home, but trying things out asap. Have once again
inserted the line in pam.d/system-auth. was wondering, as de manual for
winbind says to make one more entry for 'accout' but i left this out to
make sure not making inaccessible my server ;-)
I did this all now on my server. i'll try to login directly on my server.
if this works, i will also implement it on the client. What still confuses
me, is that usually i thought winbind should just run on the server having
smb up and running, not on the clients.
btw. i run FC1 and Samba 3.0
Cheers and many thanks,
Roger
> On Wed, Dec 10, 2003 at 10:33:34PM +0100, Roger Grosswiler wrote:
>> i tried now again, but just entered now in the system-auth the
>> following:
>> auth sufficient /lib/security/$ISA/pam_smb_auth.so
>> use_first_pass nolocal
>
> The pam_smb_auth module is entirely different from winbind -- its
> configuration file is /etc/pam_smb.conf. Its readme file states that
> you should place the domain name on the first line of the file, the name
> of the PDC on the second line, and the names of another PDC on the third
> line.
>
> The pam_smb_auth module can only perform authentication. It can not
> provide needed information about users (UIDs, GIDs, etc.) to programs --
> you'll need something which does this.
>
> Winbind happens to provide modules which can communicate with winbind to
> accomplish both of these. The upside of pam_smb_auth is that you can
> point it at just about any SMB server (probably even a Windows for
> Workgroups server), and it'll work, but winbind needs something at least
> as capable as a PDC. Different tools with different capabilities for
> different-but-similar problems.
>
> Because pam_smb_auth can't provide user information, you need to set up
> *something* which will. If not winbind, then NIS, or LDAP, or hesiod.
> Each of these requires its own server to be set up, because they use
> different protocols which your PDC likely isn't set up to serve.
>
> HTH,
>
> Nalin
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list