[K12OSN] samba-winbind-ads setup
Dimitri Yioulos
dyioulos at firstbhph.com
Mon Sep 13 16:23:04 UTC 2004
Did as instructed: I made copies of pam.d and samba directories. I then
ran "system-config-authentication" (which I had actually done as part of the
install process). My entires were like this:
Domain: "mysite" (here I assumed I was to use what win2k3 calls a pre-win2k
domain name)
Security Model: "ADS"
Winbind ADS Realm: "mysite.mydomain.com"
Winbind ADS Controllers: "adsserver.mysite.mydomain.com"
Template Shell: "/bin/false"
Seem right? What next?
Diggy
-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf
Of Henry Burroughs
Sent: Friday, September 10, 2004 12:24 PM
To: k12osn at redhat.com
Subject: RE: [K12OSN] samba-winbind-ads setup
Diggy,
First, make a backup copy of your /etc/pam.d directory and /etc/samba
directories... (ie: "cp -pR /etc/pam.d /root/pam.d; cp -pR /etc/samba
/root/samba")
Now, there is a gui program called "system-config-authentication"...
that is from fedora core 2 (k12ltsp 4.1)... if you are running 4.0.1,
then try "redhat-config-authentication" which you can run from a
graphical terminal on the server. You should only have to check "Use
winbind" on the 2 tabs that are present.
Don't worry... I've only learned alot of this from trial and error...
we can get you through this on the list. If you still are having
problems, we can put your files back and use some of my configuration
files from my /etc/pam.d/
> From: Dimitri Yioulos <dyioulos at firstbhph.com>
> To: 'Support list for opensource software in schools.' <k12osn at redhat.com>
> Subject: RE: [K12OSN] samba-winbind-ads setup
> Date: Fri, 10 Sep 2004 11:41:23 -0400
>
> -----Original Message-----
> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On
Behalf
> Of Henry Burroughs
> Sent: Friday, September 10, 2004 10:34 AM
> To: k12osn at redhat.com
> Subject: RE: [K12OSN] samba-winbind-ads setup
>
> Sounds like a PAM problem. if you run system-config-authentication,
> and configure winbind support for both User information as well as
> Authentication. Also, try "getent password" or "getent group"... you
> should see the AD users... just like you were looking at /etc/password
> (unless you don't have enumeration set).
>
> I personally am using AD directory via LDAP & Kerberos... I had to do
> some hacking on /etc/pam.d/ to get it to work though. Not fully
> operational yet for all users (still "tweaking" my k12ltsp server).
>
> Secretly, I am looking to dump AD next summer and move to pure LDAP...
> my 2 win2k servers are cranky and steadily running out of space on C:
> (what's up with that!!!!)
>
>
> --
> Henry Burroughs
> Technology Director
> Hilton Head Preparatory School
> www.hhprep.org
> hburroughs at hhprep.org
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
>
> Henry,
>
> Wish I could dump the two win2x servers I have, but accounting app and
voice
> mail depend on them (until the program vendors port to Linux!).
>
> Sorry to be such a noob, but " if you run system-config-authentication,
> and configure winbind support for both User information as well as
> Authentication" - how?
>
> I ran getent password and getent group, and I did get the correct
responses.
>
> Many thanks.
>
> Diggy
>
>
--
Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org
hburroughs at hhprep.org
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
More information about the K12OSN
mailing list