Problem joining RHEL4 to Windows Server 2003 Active Directory using winbind

kevin huang khuang888 at gmail.com
Mon Mar 20 12:09:12 UTC 2006


Hi Nabeel

Thanks for your help. I am still trying to get wbinfo -u to work, but
it seems I could join my Samba machine (i.e. RHEL) to Windows Active
Directory; yes, a record does exist in AD and it has the same machine
name as what I put down in the /etc/host file. I am still not sure why
wbinfo -u still won't return me a list of domain users.

Just another question: if I want users to be authenticated by AD when
they log on at the log on screen (GNOME), do I need to modify the
following files:

1) /etc/pam.d/login - please note some of the lines below I have
manually added in

auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so   # (added)
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so   # (added)
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_mkhomedir.so skel=/etc/skel
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open


2) /etc/pam.d/gdm - please note some of the lines below I have manually added in

auth       required     pam_env.so
auth       sufficient   pam_winbind.so   # (added)
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so


Are these the only two files I need to get the AD authentication to
work when a user logs in at the login screen?

Thanks for your help

Regards

Kevin






On 3/19/06, Nabeel Moidu <nabeelmoidu at gmail.com> wrote:
> On 3/17/06, kevin huang <khuang888 at gmail.com> wrote:
> >
> > Hi
> > Thanks for your reply
> >
> > Do I need to restart winbindd-Daemon after I run net ads join? At the
> > moment, Smbdd-Daemon and winbindd-Daemon are automatically run at startup.
> > Also, why 15 minutes?
> >
> > I'm still confused why wbinfo -t worked but wbinfo -u doesn't? Clearly, RPC
> > calls are not the problem here because it succeeded.
>
>
> An addition
> change this line in smb.conf
>    winbind use default domain = yes
> to
>     winbind use default domain = no
>
> Also make sure the name you use for your samba machine in /etc/hosts is
> recognizable by your Windows AD
>
> Thanks for your help!
> >
> > Regards
> >
> > Kevin
> >
> >
> --
> Thanks and Regards
> Nabeel Moidu
> System Administrator
> OnMobile System Inc
> Bangalore, India
> www.onmobile.com
>
>
>
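
Added example, not part of the original messages: a simplified Python model of how PAM walks a stack with the classic control flags, applied to the gdm lines posted above, to show which modules are never consulted once a "sufficient" pam_winbind.so succeeds. The names parse and evaluate are made up for this sketch; bracketed controls and the contents of the system-auth stack are not modelled.

```python
# Added example: simplified model of PAM's classic control flags
# (required, requisite, sufficient, optional). Not code from the thread.
import os

# gdm rules from the message above, with the "(added)" notes dropped.
GDM = """\
auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
"""

def parse(text):
    """Return [(type, control, module_basename)] for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 3:
            continue
        mtype, control, module = fields[:3]
        rules.append((mtype, control, os.path.basename(module)))
    return rules

def evaluate(rules, mtype, failing=()):
    """Walk one management group; return (granted, called, skipped).

    Modules named in `failing` return failure, all others succeed.
    """
    stack = [r for r in rules if r[0] == mtype]
    called, failed = [], False
    for i, (_, control, module) in enumerate(stack):
        called.append(module)
        ok = module not in failing
        rest = [m for _, _, m in stack[i + 1:]]
        if control == "requisite" and not ok:
            return False, called, rest   # fail immediately
        if control == "required" and not ok:
            failed = True                # remember, but keep going
        if control == "sufficient" and ok and not failed:
            return True, called, rest    # succeed immediately
    return not failed, called, []

if __name__ == "__main__":
    granted, called, skipped = evaluate(parse(GDM), "auth")
    print("granted:", granted, "| called:", called, "| skipped:", skipped)
```

With this ordering, a successful pam_winbind.so ends the auth stack before pam_nologin.so is reached; placing the sufficient line after the required ones changes that.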
