[K12OSN] winbind--Using NT Domain Accounts on Clients
cliebow at downeast.net
cliebow at downeast.net
Sat Aug 7 17:39:48 UTC 2004
thi si in rc.local so services start upin order
#!/bin/sh
smbpasswd -j ELLSWORTH -r DC2 -U administrator%NTpassword
service smb start
service winbind start
touch /var/lock/subsys/local
chmod 744 /etc/samba/smb.conf
this is in nsswitch.conf so at low level redhat looksforauth in right places
passwd: files winbind nisplus
shadow: files winbind nisplus
group: files winbind nisplus
This is pam.d/system-auth so pam module does authentication
auth required /lib/security/pam_env.so
######working til this added
#auth required /lib/security/pam_mount.so
#####################################
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth sufficient /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
#killsitsession required /lib/security/pam_mount.so use_first_pass
this is smb.conf or at least relevant piece of it
[global]
log file = /var/log/samba/%m.log
passwd chat = *New*password*Dude* %n/n *Retype*new*passord* 5n/n
*passwd:*all*authentication*tokens*updated*
passwd program=/usr/bin/passwd %u
load printers = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 10.10.0.3
encrypt passwords = yes
dns proxy = No
netbios name = Eagle1
server string = Samba Server
writable = no
#browseable = no
local master = No
remote announce = 10.10.255.255
workgroup = ELLSWORTH
os level = 33
security = domain
######################Winbind
obey pam restrictions = yes
security = domain
#winbind Separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
smbpasswd file =/etc/samba/smbpasswd
name resolve order = hosts wins lmhosts bcast
password server = *
unix password sync = yes
create mode=700
directory mode=700
John Terpstra has good chapter on it in Officiasl Samba-3 handbook..these
files are from samba 2.2.8.
Hope this gives you a start..probablyi forgot something..i uisually do 8~)
---------------------------------------------
This message was sent from Downeast.Net.
http://ellsworthme.com/
More information about the K12OSN
mailing list