RE: PAM - Winbind - Samba - Domains

Can anyone help me?

Thx =)

Felipe Abbastante
Wednesday, June 23, 2004 4:52 PM
fedora-list redhat com
Subject: PAM - Winbind - Samba - Domains

Hi list, I've run myself into a problem while I was evaluating Fedora 2.
I'm setting up a workstation with Fedora 2 to join a Microsoft domain that I
have running.  Here is a detailed description of the steps that I've taken:


cat /etc/samba/smb.conf
#Domain Configuration:
workgroup = MY_DOMAIN
security = DOMAIN
password server = MY_PDC
os level = 33 (WIN_NT 4)
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = home/%D/%U
template shell = /bin/shell


cat /etc/nsswitch.conf
passwd:     files winbind
shadow:     files
group:      files winbind


cat /etc/pam_smb.conf


net join (completed successfully)
[root 0002]# net join -W MY_DOMAIN -U MY_USER
my_users's password: **********
Joined domain MY_DOMAIN.


WINBIND - wbinfo

[root 0002]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root 0002]# wbinfo -u

[root 0002]# wbinfo -u


[root 0002 /]# getent passwd
DOMAIN+USER1:x:10017:10000:NAME, SECONDNAME:home/DOMAIN/USER1:/bin/shell
DOMAIN+USER2:x:10018:10000:NAME, SECONDNAME:home/DOMAIN/USER2:/bin/shell
DOMAIN+USER3:x:10019:10000:NAME, SECONDNAME:home/DOMAIN/USER3:/bin/shell

[root 0002 /]# getent group


I think that the PAM 1.0 configuration is correct, here are the details:

auth       required     pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/scurity/pam_unix.so use_firts_pass
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_selinux.so multiple
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore]
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so


Having realized the previous configuration, I ran into the following
Whenever I try to access any workstation already in the Microsoft Domain, I
get a Nautilus error message window saying "Access denied or you don't have
the necessary rights".   The users that I'm using to access these
workstations do have the correct user rights over the

I suspect a PAM misconfiguration.

I hope you can help me with this issue.  If you need me to post any other
information that I may have forgotten, please ask.

Thanks in advance...


