samba - Mar 2006 - system-auth-winbind

I found this file in the /etc/samba directory:
	system-auth-winbind
It looks like it has been setup to be used by samba for pam. Does anyone know if
that is what it is for?

I tried to copy the contents into the /etc/pam.d/samba file but I still could
not get access to the Home directory navigating to it
\\Solidus\<userhome>.
This is the only thing that I cannot get working. 

SSH works with pam now, logging in to the console with domain profiles with pam
works now.
Navigating to the samba shares only works with the public folder, not the home
directory.

Here is my /etc/pam.d/samba contents:

#%PAM-1.0
# $Header: /var/cvsroot/gentoo/src/patchsets/samba/configs/system-auth-winbind,v
1.1 2005/08/09 12:56:26 seemant Exp $

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0077
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

and here is my smb.conf:

# Samba config file created using SWAT
# from 10.11.7.56 (10.11.7.56)
# Date: 2006/03/08 06:09:01

[global]
        workgroup = MARKETSCAN
        realm = MARKETSCAN.COM
        server string = %h, Samba Server %v
        interfaces = lo, eth0
        bind interfaces only = Yes
        security = ADS
        password server = nostradamus, nostradamus_ii
        log level = 5
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
        load printers = No
        disable spoolss = Yes
        os level = 2
        domain master = No
        preferred master = No
        local master = No
        dns proxy = No
        wins proxy = No
        wins server = 10.11.3.198
        ldap ssl = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        template home dir = /home/%D/%U
        winbind use default domain = Yes

[public]
        comment = %h Public Share Directory
        path = /home/samba/public
        valid users = "@MARKETSCAN\Domain Users"
        write list = "@MARKETSCAN\Domain Users"
        read only = No
        map readonly = no

[homes]
        comment = Home directory for %U
        #path = /home/%D/%U
         valid users = %S
        write list = %S
        read only = No
        hide dot files = No
        map readonly = no
        browseable = No

Please let me know what I have misconfigured or not configured.

thanks,

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez@marketscan.com

I really would like to be able to use samba with ADS/kerberos/PAM domain
authentication.

ADS/kerberos/PAM domain authentication works with SSH now, it works if I login
on the console with a domain account, but it wont work if I try to vavigate to
the Samba shares by UNC path.

Please, someone take a look at the info below and let me know what I am doing
wrong or of you need more info.

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com@lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com@lists.samba.org]On
Behalf Of Guillermo Gutierrez
Sent: Thursday, March 09, 2006 12:59 PM
To: samba@lists.samba.org
Subject: [Samba] system-auth-winbind


I found this file in the /etc/samba directory:
	system-auth-winbind
It looks like it has been setup to be used by samba for pam. Does anyone know if
that is what it is for?

I tried to copy the contents into the /etc/pam.d/samba file but I still could
not get access to the Home directory navigating to it
\\Solidus\<userhome>.
This is the only thing that I cannot get working. 

SSH works with pam now, logging in to the console with domain profiles with pam
works now.
Navigating to the samba shares only works with the public folder, not the home
directory.

Here is my /etc/pam.d/samba contents:

#%PAM-1.0
# $Header: /var/cvsroot/gentoo/src/patchsets/samba/configs/system-auth-winbind,v
1.1 2005/08/09 12:56:26 seemant Exp $

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0077
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

and here is my smb.conf:

# Samba config file created using SWAT
# from 10.11.7.56 (10.11.7.56)
# Date: 2006/03/08 06:09:01

[global]
        workgroup = MARKETSCAN
        realm = MARKETSCAN.COM
        server string = %h, Samba Server %v
        interfaces = lo, eth0
        bind interfaces only = Yes
        security = ADS
        password server = nostradamus, nostradamus_ii
        log level = 5
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
        load printers = No
        disable spoolss = Yes
        os level = 2
        domain master = No
        preferred master = No
        local master = No
        dns proxy = No
        wins proxy = No
        wins server = 10.11.3.198
        ldap ssl = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        template home dir = /home/%D/%U
        winbind use default domain = Yes

[public]
        comment = %h Public Share Directory
        path = /home/samba/public
        valid users = "@MARKETSCAN\Domain Users"
        write list = "@MARKETSCAN\Domain Users"
        read only = No
        map readonly = no

[homes]
        comment = Home directory for %U
        #path = /home/%D/%U
         valid users = %S
        write list = %S
        read only = No
        hide dot files = No
        map readonly = no
        browseable = No

Please let me know what I have misconfigured or not configured.

thanks,

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez@marketscan.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

WOOO HOOOO!!!!
sorry, got a little excited.
I finally realized what I needed to do inorder to get Samba to allow me access
to the home folder share.

Under [homes], I changed "valid users = %S" to "valid users =
%D\%S". And it finally let me right in, I had to do the same for
"write list = %S".

PLUS, I also left /etc/pam.d/samba with the contents of
/etc/samba/system-auth-winbind.

Also I found out on my setup that if you belong to more than one group,
"Domain Users" might not be of use. I had to specify a particular
group(s) for the permissions to work.

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com@lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com@lists.samba.org]On
Behalf Of Guillermo Gutierrez
Sent: Friday, March 10, 2006 11:49 AM
To: samba@lists.samba.org
Subject: RE: [Samba] system-auth-winbind


I really would like to be able to use samba with ADS/kerberos/PAM domain
authentication.

ADS/kerberos/PAM domain authentication works with SSH now, it works if I login
on the console with a domain account, but it wont work if I try to vavigate to
the Samba shares by UNC path.

Please, someone take a look at the info below and let me know what I am doing
wrong or of you need more info.

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com@lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com@lists.samba.org]On
Behalf Of Guillermo Gutierrez
Sent: Thursday, March 09, 2006 12:59 PM
To: samba@lists.samba.org
Subject: [Samba] system-auth-winbind


I found this file in the /etc/samba directory:
	system-auth-winbind
It looks like it has been setup to be used by samba for pam. Does anyone know if
that is what it is for?

I tried to copy the contents into the /etc/pam.d/samba file but I still could
not get access to the Home directory navigating to it
\\Solidus\<userhome>.
This is the only thing that I cannot get working. 

SSH works with pam now, logging in to the console with domain profiles with pam
works now.
Navigating to the samba shares only works with the public folder, not the home
directory.

Here is my /etc/pam.d/samba contents:

#%PAM-1.0
# $Header: /var/cvsroot/gentoo/src/patchsets/samba/configs/system-auth-winbind,v
1.1 2005/08/09 12:56:26 seemant Exp $

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0077
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

and here is my smb.conf:

# Samba config file created using SWAT
# from 10.11.7.56 (10.11.7.56)
# Date: 2006/03/08 06:09:01

[global]
        workgroup = MARKETSCAN
        realm = MARKETSCAN.COM
        server string = %h, Samba Server %v
        interfaces = lo, eth0
        bind interfaces only = Yes
        security = ADS
        password server = nostradamus, nostradamus_ii
        log level = 5
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
        load printers = No
        disable spoolss = Yes
        os level = 2
        domain master = No
        preferred master = No
        local master = No
        dns proxy = No
        wins proxy = No
        wins server = 10.11.3.198
        ldap ssl = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        template home dir = /home/%D/%U
        winbind use default domain = Yes

[public]
        comment = %h Public Share Directory
        path = /home/samba/public
        valid users = "@MARKETSCAN\Domain Users"
        write list = "@MARKETSCAN\Domain Users"
        read only = No
        map readonly = no

[homes]
        comment = Home directory for %U
        #path = /home/%D/%U
         valid users = %S
        write list = %S
        read only = No
        hide dot files = No
        map readonly = no
        browseable = No

Please let me know what I have misconfigured or not configured.

thanks,

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez@marketscan.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba