samba - Dec 2004 - need help with winbind, pam and samba

Hi all,

happy christmas,

need help with winbind, pam and samba.

I have here a RHEL clone with Samba 3.09.
Winbind goes so far and wbinfo - u / -g / -t is successful.

Which does not function is Winbind and pam.
As soon as a Windows PC wants to access a share,
i get the following error message in the Samba log file.

	[2004/12/27 11:54:34, 0]
auth/auth_util.c:make_server_info_info3(1134)
	  make_server_info_info3: pdb_init_sam failed!

Which are the correct parameters for pam the files?


I have the following files to info:

	nsswitch.conf

	passwd:     files winbind
	shadow:     files winbind
	group:      files winbind

	pam.d / samba

	#%PAM-1.0
	auth       required	pam_nologin.so
	auth       required	pam_stack.so service=system-auth
	auth       required	pam_winbind.so
	account    required	pam_winbind.so
	account    required	pam_stack.so service=system-auth
	session    required	pam_mkhomedir.so skel=/etc/skel umask=0022
	session    required	pam_stack.so service=system-auth
	password   required	pam_stack.so service=system-auth

With this samba pam configuration, is no longer successful the login on swat
via Webmin. I get the error message, root the wrong password used.


	pam.d / login

	#%PAM-1.0
	auth       required	pam_securetty.so
	auth       sufficient	pam_winbind.so
	auth       sufficient	pam_unix.so likeauth nullok use_first_pass
	auth       required	pam_stack.so service=system-auth
	auth       required	pam_nologin.so
	account    sufficient	pam_winbind.so
	account    required	pam_stack.so service=system-auth
	password   required	pam_stack.so service=system-auth
	session    required	pam_stack.so service=system-auth
	session    optional	pam_console.so

	pam.d / sytsem_auth

	%PAM-1.0
	# This file is auto-generated.
	# User changes will be destroyed the next time authconfig is run.
	auth        required      /lib/security/$ISA/pam_env.so
	auth        sufficient    /lib/security/$ISA/pam_winbind.so
	auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
nullok use_first_pass
	auth        required      /lib/security/$ISA/pam_deny.so

	account     required      /lib/security/$ISA/pam_unix.so

	password    required      /lib/security/$ISA/pam_cracklib.so retry=3
	type	password    sufficient    /lib/security/$ISA/pam_unix.so nullok
	use_authtok md5 shadow
	password    required      /lib/security/$ISA/pam_deny.so

	session     required      /lib/security/$ISA/pam_limits.so
	session     required      /lib/security/$ISA/pam_unix.so


What wrong do I make? Does someone have an idea?

Thanks for each assistance.


Stefan

My apologies in advance if this is an obvious question, but I've googled and
checked in my copy of the Official Samba-3 HOWTO and it's not working the
way I think it should.  Perhaps some kind soul can point me in the right
direction.  Thanks.

Problems:
When I use W2k's set security on a DIRECTORY (right click on the directory,
properties, security tab) I cannot set the permissions for owner (user) to
read only; (I can set everyone and group to read/only); looking at the
permissions on the server they're not being set for user;

I can set permissions correctly for a FILE, but not for DIRECTORIES

Bonus problem: (I think I know the answer, but I'll ask)

Is there anyway to make a file/folder undeletable to a W2K user without
write-protecting the parent directory? 

Details:

Version/OS:  Samba 2.2.8 on  Yellow Dog Linux on a Mac G3

Relevant config parameters:


	security = USER
	acl compatibility = 
	nt smb support = Yes
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	hide local users = No
	force user = 
	force group = 
	read only = Yes
	create mask = 0744
	force create mode = 00
	security mask = 0777
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 0777
	force directory security mode = 00
	force unknown acl user = 00
	inherit permissions = No
	inherit acls = No
	guest ok = Yes
	only user = No
	status = Yes
	nt acl support = Yes
	profile acls = No
	block size = 1024
	hide unreadable = No
	delete veto files = No
	veto files = 
	hide files = /Network Trash
Folder/icon?/TheFindByContentFolder/TheVolumeSettingsFolder/Thumbs.db/~*/
	map system = No
	map hidden = No
	map archive = Yes
	delete readonly = No
	dos filemode = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No

[finance2]
	comment = this is r/w everyone
	path = /usr/finance2
	read only = No


Many thanks

Ken  Lubar