Hi,
I compiled and installed Samba-2.2.3a on Solaris 8(IA).Now I am
trying to configure Winbind to enable logon to our Win2k Domain
from the Samba box.I copied the libnss_winbind.so to the /lib
folder & created .so.1 & .so.2 links.I also made changes in the
smb.conf file as given below.I am able to connect to the shares on
the Samba Server using the Domain authentication.Now I changed the
/etc/nsswitch.conf to contain the entries of winbind for passwd &
group.I could also get all the list of user & group names with
wbinfo -u & -g.But getent passwd doesnt return anything except the
local passwd database users.I could complie the pam_winbind.so
file with some "Incompatible pointer type warnings" and placed the
pam_winbind.so file in the /usr/lib/security along with an entry
in the /etc/pam.conf file .But I couldnt logon to my Solaris box
with a domain user name.I examined the log.winbindd file & found
that the username which is "getnag" on the domain is being
truncated to "etnag".Please find my configuration files below..I
hope someone will definitely help me.
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options
listed
# here. Samba has a huge number of configurable options (perhaps
too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings
====================================[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = SCLINDIA
# server string is the equivalent of the NT Description field
server string = PLUTO
# This option is important for security. It allows you to
restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV
spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type
unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /usr/local/samba/var/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = domain
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name]
[My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
password server = SCLPDC
# Note: Do NOT use the now deprecated option of "domain
controller"
# This option is no longer implemented.
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
# Using the following line enables you to customise your
configuration
# on a per machine basis. The %m gets replaced with the netbios
name
# of the machine that is connecting
; include = /usr/local/samba/lib/smb.conf.%m
# Most people will find that this option gives better
performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list
them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Browser Control Options:
# set local master to no if you don't want Samba to become a
master
# browser on your network. Otherwise the normal election rules
apply
; local master = no
# OS Level determines the precedence of this server in master
browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser.
This
# allows Samba to collate browse lists between subnets. Don't use
this
# if you already have a Windows NT domain controller doing this
job
; domain master = yes
# Preferred Master causes Samba to force a local browser election
on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is
username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's
WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS
Client
# Note: Samba can be either a WINS Server, or a WINS Client, but
NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must
be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS
names
# via DNS nslookups. The built-in default for versions 1.9.17 is
yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# Seperate domain & username with '+',line DOMAIN+username
#winbind seperator = +
# Use uid's from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
#winbind enum_users = yes
#winbind enum_groups = yes
# give winbind users a real shell (only needed if they have telnet
access)
template homedir = /export/home/users/win2k/%D/%U
template shell = /bin/bash
#============================ Share Definitions
=============================[homes]
comment = Home Directories
browseable = no
writable = yes
--------------------------------------------------
#
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login auth sufficient /usr/lib/security/pam_winbind.so
login auth required /usr/lib/security/$ISA/pam_unix.so.1
use_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient
/usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
other auth sufficient /usr/lib/security/pam_winbind.so
#
# Account management
#
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use
Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
------------------------------------------------------
log.winbindd
[2002/04/29 08:06:27, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
etnag in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:24:21, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:24:21, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
etnag in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:30:41, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:30:41, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
etnag in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:31:43, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:31:43, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
etnag in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:32:48, 0]
smbd/password.c:domain_client_validate(1507)
domain_client_validate: no challenge done - password failed
[2002/04/29 08:33:29, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:33:29, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
ser in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:35:09, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:35:09, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
ser in domain SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
[2002/04/29 08:40:41, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2002/04/29 08:40:41, 0]
smbd/password.c:domain_client_validate(1572)
domain_client_validate: unable to validate password for user
ser in domain 1SCLINDIA to Domain controller SCLPDC. Error was
NT_STATUS_NO_SUCH_USER.
_________________________________________________________
Click below to visit monsterindia.com and review jobs in India or
Abroad
http://monsterindia.rediff.com/jobs