thr3ads.net - samba - [Samba] Domain users are not able to login through ftp. [Jan 2005]

If this information is useful, please help other people find it:
Share via:
subramanian.ponnusamy@iflexsolutions.com
2005-Jan-31 18:43 UTC
[Samba] Domain users are not able to login through ftp.

Hi,
 
I have successfully setup a Solaris 8 server that allows Windows AD Users to
login to it (through winbind).  The problem is
that ALL such users can now do so.  Is there a way to control which users are
allowed to login while others are denied access?

I have tried adding 
 
valid users = user
 
and  deny to specific users via

invalid users = user
 
It's not working.  
 
 
One more problem is Domain users are able to login through telnet but domain
users are not able to login through ftp. Please help me to resolve these
problems
 
Please find my smb.conf and pam.conf 
 
 
bash-2.03# /usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
        workgroup = EX-DOM
        realm = EX.EXAMPLE.COM
        server string = Samba Server
        security = ADS
        obey pam restrictions = Yes
        password server = 10.81.0.1
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /export/home/%U
        template shell = /bin/bash
        winbind separator = #
        winbind cache time = 10
        winbind use default domain = Yes
[homes]
        comment = Home Directories
        read only = No
        browseable = No
[printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

bash-2.03# cat /etc/pam.conf
#
#ident  "@(#)pam.conf   1.14    99/09/16 SMI"
#
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/pam_winbind.so
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
# Account management
#
login   account sufficient      /usr/lib/security/pam_winbind.so
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin account sufficient      /usr/lib/security/pam_winbind.so
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
#
other   account sufficient      /usr/lib/security/pam_winbind.so
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
#other   password sufficient     /usr/lib/security/pam_winbind.so
other   password required       /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

Thanks & Regards
subbu
+91-80-57596014


DISCLAIMER:
This message contains privileged and confidential information and is intended
only for the individual named.If you are not the intended recipient you should
not disseminate,distribute,store,print, copy or deliver this message.Please
notify the sender immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system.E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain
viruses.The sender therefore does not accept liability for any errors or
omissions in the contents of this message which arise as a result of e-mail
transmission. If verification is required please request a hard-copy version.
Possibly Parallel Threads

Search for more maybe matching threads
samba - Jan 2005 - Domain users are not able to login through ftp.

[Samba] Domain users are not able to login through ftp.

Possibly Parallel Threads

Wisdom of the Ancients
