Setup: Suse 7.2, Samba 2.2.6 Win 2K PDC Project: I would like to use winbind to authenticate users that do not have local accounts on the linux machine for access to various file and print shares. I have gotten winbind to successfully grab the user and groups from the NT box (verified by getent passwd). However, I have had little luck obtaining the permission based file share that I would like. Questions: 1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux? 2. Can you use NT groups in the smb.conf file to control access? 3. The documentation on winbind http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights (actual session login rights, not samba shares) to the linux machine. Is this true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly? 4. Does anyone know of further online winbind documentation? Thanks in advance... Chris McKeever
Mikko Rautiainen
2002-Nov-17 21:58 UTC
[Samba] WINBIND configuration and NT Authentication
I'll try to get the config files I have for you tomorrow, but they wont work in suse 7.2 They aply in madrake 9. I got locked out couple times too :) The most important pam files are samba, system-auth(-winbind), and login. Mikko Chris McKeever wrote:>thanks for the reply..you got it with the pam configuration...would you >happen to have some working examples?? also, is there a way to restart PAM >after changes (say to the login and passwd files) > > >Thanks for those links > > >-----Original Message----- >From: Mikko Rautiainen [mailto:mrautia6@welho.com] >Sent: Sunday, November 17, 2002 3:53 AM >To: Chris McKeever >Subject: Re: [Samba] WINBIND configuration and NT Authentication > > >Hi, > > >Yes it's possible to authenticate users from win 2000 server with >winbind. For me >the PAM configuration was the hardest part. I used mandrake 9 and it has >a realy >good pre config. And if you want to modify the folder/file permissions >from NT/W2k >PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. >Mayby the >ReiserFS 4 will have the ACL support. >I have had dificulties with suse and samba. Like my suse8 home server >needs a restart >after 2 days and I don't know the reason why. I just lose the connection >to the samba. > >So the winbind part was easy to make work in mandrake 9, just need to >config smb.conf >right and thats about it. The PAM is a bit harder (to me at least). PAM >is the key for the >linux end to understand to use the winbind connection. If not correctly >cinfigured it can't >get the authentication from the Win NT/2k PDC. > >Here are some links that was helpful for me. >http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html >http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html >http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) > >Hope these help > >Mikko Rautiainen > > >Chris McKeever wrote: > >>Setup: >> Suse 7.2, Samba 2.2.6 >> Win 2K PDC >> >>Project: >>I would like to use winbind to authenticate users that do not have local >>accounts on the linux machine for access to various file and print shares. >>I have gotten winbind to successfully grab the user and groups from the NT >>box (verified by getent passwd). However, I have had little luck obtaining >>the permission based file share that I would like. >> >>Questions: >>1. Do users accessing the share need local accounts? >> a. if so, is there a way to export users from win2k into linux? >>2. Can you use NT groups in the smb.conf file to control access? >>3. The documentation on winbind >>http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound >> >as > >>if it may be possible to authenticate NT users and grant them login rights >>(actual session login rights, not samba shares) to the linux machine. Is >>this true? If so is there additional configuration to achieve this >> >assuming > >>quesiton 1 has been answered and setup properly? >>4. Does anyone know of further online winbind documentation? >> >>Thanks in advance... >> >>Chris McKeever >> >> >> >> > >-------------- next part -------------- HTML attachment scrubbed and removed