Unix Technician
2005-Jan-20 21:23 UTC
[Samba] Getting Samba3.0.9 to work on Debian(woody) for AD Authentication
Hi, I am using samba 3.0.9 on Debian (woody) IA 64 bit server. I have made a post on linuxquestions.org which contains my compilation and its arguments, krb5.conf, smb.conf, also my kinit and wbinfo -u, g, t, all of which work. I also have the official samba guide and samba by example. I do not have telnet installed and have tried to configure my SSH PAM options. I was wondering if anyone could send me and example working SSH PAM module to use as a base for figuring out the authentication. I am in Windows server 2003 network running in native mode and the username(s) and password(s) that I am trying to sign in with only exist in AD. There are only two local accounts on the machine, root & one other. I hope you don't think I'm trying to take a shortcut and get someone to give me there configuration without working for it. Believe me I've been working on this for a while and posting is usually my last option and I try to avoid it because as you can see from my post on linuxquestions.org it has 400 views and zero responses. I am sure that I am close and have tried to eliminate all other options. I can give you more recent log files than what is on the post. I just wanted to try use a working SSH PAM config first to see if that is all of my problems. Here is the link to the post on linuxquestions.org. Thanks again. http://www.linuxquestions.org/questions/showthread.php?s=&threadid=26596 3
Tyler Retzlaff
2005-Jan-21 05:12 UTC
[Samba] Getting Samba3.0.9 to work on Debian(woody) for AD Authentication
On Friday 21 January 2005 08:23, Unix Technician wrote:> Hi, >> I am using samba 3.0.9 on Debian (woody) IA 64 bit server. I have made > a post on linuxquestions.org which contains my compilation and its > arguments, krb5.conf, smb.conf, also my kinit and wbinfo -u, g, t, all > of which work. I also have the official samba guide and samba by > example. I do not have telnet installed and have tried to configure my > SSH PAM options. I was wondering if anyone could send me and example > working SSH PAM module to use as a base for figuring out the > authentication. I am in Windows server 2003 network running in native > mode and the username(s) and password(s) that I am trying to sign in > with only exist in AD. There are only two local accounts on the > machine, root & one other. I hope you don't think I'm trying to take a > shortcut and get someone to give me there configuration without working > for it. Believe me I've been working on this for a while and posting is > usually my last option and I try to avoid it because as you can see from > my post on linuxquestions.org it has 400 views and zero responses. I am > sure that I am close and have tried to eliminate all other options. I > can give you more recent log files than what is on the post. I just > wanted to try use a working SSH PAM config first to see if that is all > of my problems. Here is the link to the post on linuxquestions.org. > Thanks again.I notice you don't mention libnss-winbind? You do have getent {passwd,group} working right? I was using the following smb.conf everything else default values. [global] netbios name = MYDEBBOX workgroup = INTERNAL # smbd ad membership realm = INTERNAL.MYDOMAIN.NET security = ADS encrypt passwords = yes password server = MYADPDC.INTERNAL.MYDOMAIN.NET # winbind winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash idmap uid = 10000-20000 idmap gid = 10000-20000 For pam.d/ssh (before pam_unix.so's) xxx sufficient pam_winbind.so I should mention though that I was not using the krb5 1.2 as packaged for woody, it just wouldn't work. You have to use >= 1.3. Though a post I made on here had a followup saying perhaps in samba 3.0.11 would have a work-around/fix or something. In any case I was working with 3.0.9 as you are. Tyler