Folks,

Sincere apologies for asking this again, but I'm just not getting this to work, and must be missing something here:

My company's network is based around a Windows 2003 server AD, with several RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works very well. I've set up, and have successfully been using a sendmail-based email system, too.

My issue is this: When I create a user account in AD, I have to also create it in the mail server. This is inconvenient and inefficient.

I have samba installed on the mail server. I also have the mkhomedir module installed, and the appropriate line to invoke it is in the samba, pop, and smtp.sendmail config files under /etc/pam.d. My users are using the Outlook 2003 mail client. If I create a user in the email server, then Outlook has no problem connecting to the mail server using the user's credentials from the email server. But, if the user is only created in AD, then Outlook complains that the incoming pop server won't authenticate the user, despite the fact that winbind is fired up, wbinfo -u shows the user, and getent passwd shows the user's credentials. Arrrgh! IMHO, this is the one small thing that keeps this from being a really great system.

Can anybody show me the way to get over the hump?

Many thanks.

Dimitri

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

Well, the problem I think you're having is that you have not edited the /etc/nsswitch.conf file.

Change from

    passwd:     files
    shadow:     files
    group:      files

to:

    passwd:     winbind files
    shadow:     winbind files
    group:      winbind files

or something along those lines. Play with the /etc/nsswitch.conf to find the right configuration for you.

Check out the post I've made on my website about how we have set up my mail system. I think I've done it fairly well:

http://www.yourhowto.org/content/view/25/9/

Paul Matthews
I.T Trainee | The Cathedral School
Ph (07) 47222 194 | Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E: paul.matthews@cathedral.qld.edu.au
W: www.cathedral.qld.edu.au

Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success

IMPORTANT NOTICE REGARDING CONFIDENTIALITY

This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you.

-----Original Message-----
From: samba-bounces+paul.matthews=cathedral.qld.edu.au@lists.samba.org [mailto:samba-bounces+paul.matthews=cathedral.qld.edu.au@lists.samba.org] On Behalf Of Dimitri Yioulos
Sent: Friday, 31 March 2006 1:53 AM
To: samba@lists.samba.org
Subject: [Samba] Winbind and email server

How about you post your pam module here? You might have it configured to require both local and winbind users instead of either or.

Paul Matthews
I.T Trainee | The Cathedral School

-----Original Message-----
From: Dimitri Yioulos [mailto:dyioulos@firstbhph.com]
Sent: Friday, 31 March 2006 8:33 AM
To: Paul Matthews
Subject: Re: [Samba] Winbind and email server

top-posting by necessity ...

Hi, Paul.

Alas, my nsswitch.conf is properly configured. Any other ideas?

Dimitri

On Thursday March 30 2006 5:12 pm, you wrote:
> Well, the problem I think you're having is that you have not edited the
> /etc/nsswitch.conf file.
>
> Change from
>
>     passwd:     files
>     shadow:     files
>     group:      files
>
> to:
>
>     passwd:     winbind files
>     shadow:     winbind files
>     group:      winbind files
>
> or something along those lines. Play with the /etc/nsswitch.conf to find
> the right configuration for you.

OK, here's the samba module:

    #%PAM-1.0
    auth       required     pam_nologin.so
    auth       required     pam_stack.so service=system-auth
    account    required     pam_stack.so service=system-auth
    session    required     pam_mkhomedir.so skel=/etc/skel umask=0022
    session    required     pam_stack.so service=system-auth
    password   required     pam_stack.so service=system-auth

and here's system-auth:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        required      /lib/security/$ISA/pam_deny.so

    account     required      /lib/security/$ISA/pam_unix.so

    password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
    password    required      /usr/lib/security/pam_sso.so.1
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    #password    required      /lib/security/$ISA/pam_deny.so

    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so

If you need more, please let me know.

Dimitri

On Thursday March 30 2006 5:45 pm, Paul Matthews wrote:
> How about you post your pam module here? You might have it configured to
> require both local and winbind users instead of either or.
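
Added example, not part of the thread: a small Python model of how PAM walks the auth lines of the system-auth file posted above. It shows why a user that getent passwd resolves through winbind can still fail the password check when no module in the stack verifies against AD. The second stack with a pam_winbind line and the per-module outcomes are assumptions made for illustration.

```python
# auth lines from the system-auth file posted in the thread
POSTED = """\
auth required   /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required   /lib/security/$ISA/pam_deny.so
"""

# Assumption (not from the thread): same stack with pam_winbind tried after pam_unix
WITH_WINBIND = """\
auth required   /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required   /lib/security/$ISA/pam_deny.so
"""

def parse_auth(text):
    """Return [(control, module)] for each 'auth' line, e.g. ('sufficient', 'pam_unix')."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            module = fields[2].rsplit("/", 1)[-1].split(".so")[0]
            stack.append((fields[1], module))
    return stack

def module_ok(module, backends):
    """Constructed outcomes: which password backends hold this user's credentials."""
    outcomes = {
        "pam_env": True,                   # only sets environment variables
        "pam_deny": False,                 # always fails
        "pam_unix": "local" in backends,   # /etc/passwd + /etc/shadow
        "pam_winbind": "ad" in backends,   # asks winbindd to check against the DC
    }
    return outcomes[module]

def authenticate(stack, backends):
    """Walk the stack the way PAM does for required/sufficient."""
    required_failed = False
    for control, module in stack:
        ok = module_ok(module, backends)
        if control == "required" and not ok:
            required_failed = True         # remembered; later modules still run
        elif control == "sufficient" and ok and not required_failed:
            return True                    # success ends the stack immediately
    return not required_failed

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("with pam_winbind", WITH_WINBIND)):
        print(name, {b: authenticate(parse_auth(text), {b}) for b in ("local", "ad")})
```

On a real host the relevant stack is the one the POP service actually loads from /etc/pam.d, and system-auth is regenerated by authconfig, as the file's own header warns.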