> Message: 15
> Date: Mon, 15 Jul 2002 13:14:36 -0400
> From: "Brandon Lemoine" <BrandonL@bhl.com>
> To: <samba@lists.samba.org>
> Subject: [Samba] How to setup Winbindd:
>
> This is a multi-part message in MIME format.
>
> ------_=_NextPart_001_01C22C23.189BD8D2
> Content-Type: text/plain;
> charset="US-ASCII"
> Content-Transfer-Encoding: quoted-printable
>
> Thanks for any information and your time!!!
> =20
> I have been working on getting my samba 2.2.5 server to work with my 2K
> domain in (native mode). Setup is on a RH 7.3 system with two NIC's one
> on a Internet network the other is for the LAN.
> =20
> What I need is to get the XP/2K/4.0 systems to see the samba shares and
> us them based on the users and groups that are on the domain. This is a
> 2K AD Domain.
> =20
> I have performed the following:
> =20
> Setup the /etc/samba/smb.conf file.
> Change the /etc/pam_smb.conf file.
> Changed the /etc/nsswitch.conf file.
> Changed the /etc/pam.d/system-auth and samba files.
> Set smb and winbindd to start with the system.
> Added the samba system to the domain using smbpasswd -j XXX -r XXX -U
> XXX%XXX.
> =20
> To test I did the following:
> =20
> Used smbclient -L (samba and domain server) -U domain+user%password. I
> was able to get connected to the servers. and get to the information
> that only the user was able to get to.
> =20
> wbinfo -t =3D could not check the secret.
If this happens, your domain account is wrong. Rejoin the domain and
restart wibind.
> wbinfo - m =3D could not list trusted domains
If wbinfo -t works, and this or the next one fails, you need to either
look at wbinfo -A or
http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind
> wbinfo - u =3D error looking up domain users.
> =20
> Is there any configuration that I need to do with LDAP?
no.
> =20
> =20
> Thanks again!
> =20
> Configuration files:
> =20
> smb.conf:
> [global]
> winbind separator =3D +
If you are using this only for samba serving, you might as well
uncomment this so it uses \
> winbind cache time =3D 10
> template shell =3D /bin/bash
> template homedir =3D /home/%D/%U
> winbind uid =3D 10000-20000
> winbind gid =3D 10000-20000
> workgroup =3D BHL
> netbios name =3D SAMBA
> server string =3D Samba 2.2.5
> log file =3D /var/log/samba/log.%M
> loglevel =3D 1
> max log size =3D 50
> security =3D domain
> encrypt passwords =3D yes
> password server =3D 10.7.2.15
> socket options =3D TCP_NODELAY
> wins server =3D 10.7.2.15
> wins proxy =3D no
> dns proxy =3D no
> wins support =3D no
> # add user script =3D /usr/sbin/useradd %u
> # delete user script =3D /usr/sbin/userdel %u
> interfaces =3D 10.7.2.16/16
> =20
> [home]
> comment =3D Unix Home Dir.
> path =3D %H
> writable =3D yes
> valid users =3D %S
> browseable =3Dno
> create mode =3D 0664
> directory mode =3D 0775
> =20
> [data]
> comment =3D bhl data
> path =3D /home/data
> public =3D no
> writable =3D yes
> browseable =3D yes
> create mode =3D 0664
> directory mode =3D 0775
> =20
> [dvd]
> comment =3D DVD drive
> path =3D /mnt/cdrom
> public =3D yes
> writable =3D no
> browseable =3D yes
> [rpms]
> comment =3D RedHat RPMS
^^^^^^
This may be one of your prolems ;-).
> path =3D /home/rpms
> read only =3D no
> writable =3D yes
> public =3D yes
> browseable =3D yes
> create mode =3D 0764
> directory mode =3D 0775
> =20
> [Unix]
> comment =3D Unix drive
> path =3D /
> public =3D yes
> writable =3D no
> browseable =3D yes
> =20
> /etc/pam_smb.conf:
> domain
> domain DC
> =20
> /etc/nsswitch.conf:
> passwd: files winbind nisplus
> shadow: files nisplus
> group: files winbind nisplus
> =20
> /etc/pam.d/system-auth and samba files:
> auth sufficient /lib/security/pam_winbind.so (added this to both of the
> files.)
You need
account sufficient /lib/security/pam_winbind.so
as well, and
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
might also be useful.
You may as well get a real system-auth-winbind file:
http://cvs.samba.org/cgi-bin/cvsweb/~checkout~/samba/packaging/Mandrake/Attic/system-auth-winbind.pamd?rev=1.1.2.2&content-type=text/plain&only_with_tag=SAMBA_2_2
(or in the packaging/Mandrake directory of the source).
Either use this to replace your system-auth, or change
service=system-auth to service=system-auth-winbind in all the pam files
for the services you want to use to autheticate via winbind.
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7