[Ltsp-discuss] ltxp and authenticatio to win 2000-forweard

[EMAIL PROTECTED] Mon, 03 Mar 2003 15:29:34 -0800

In hopes this may help someone else. Works like a charm for me.. The only
change I made was to comment out winbind separator line and add winbind
default domain=  Syntax may not be perfect but ihave it at school. Eliminates
need to put doamin name . Chuck > these are the conf files I created to get
winbind to work... >  > /etc/samba/smb.conf > # Global parameters
> [global]
>         log file = /var/log/samba/%m.log
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         obey pam restrictions = Yes
>         wins server = ipAddress of winserver
>         encrypt passwords = yes
>         winbind uid = 10000-20000
>         passwd program = /usr/bin/passwd %u
>         template shell = /bin/bash
>         dns proxy = No
>         printing = cups
>         server string = Linux TermServer
>         password server = *
>         winbind gid = 10000-20000
>         unix password sync = yes
>         local master = No
>         template homedir = /u/%D/%U
>         workgroup = your domainName
>         security = DOMAIN
>         create mode = 700
>         winbind separator = +
>         max log size = 0
>         pam password change = Yes
>         directory mode = 700
> 
> [homes]
>         comment = Home Directories
>         valid users = %D+%S
>         read only = No
>         create mask = 0664
>         directory mask = 0775
>         browseable = No
> 
> This will share the users home folder on the terminal server, if you
> dont want to put the user folders on the termserv comment out the
> [homes] share.
> 
> ********************************************************
> 
> /etc/nsswitch.conf add this
> 
> passwd:     files winbind nisplus
> shadow:     files winbind nisplus
> group:      files winbind nisplus
> 
> *********************************************************
> 
> In /etc/pam.d
> 
> system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_winbind.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok
> use_first_pass
> auth        required      /lib/security/pam_deny.so
> 
> account     sufficient    /lib/security/pam_winbind.so
> account     required      /lib/security/pam_unix.so
> 
> password    required      /lib/security/pam_cracklib.so retry=3 type=
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok
> md5 shadow
> password    required      /lib/security/pam_deny.so
> 
> session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
> umask=0022
> session     required      /lib/security/pam_limits.so
> session     required      /lib/security/pam_unix.so
> 
> ************************************************************
> login
> 
> #New
> auth       required     /lib/security/pam_securetty.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       sufficient   /lib/security/pam_unix.so use_first_pass
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    sufficient   /lib/security/pam_winbind.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> ********************************************************************
> gdm
> 
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> ***********************************************************************
> other
> #%PAM-1.0
> auth     required       /lib/security/pam_deny.so
> account  required       /lib/security/pam_deny.so
> password required       /lib/security/pam_deny.so
> session  required       /lib/security/pam_deny.so
> 
> ***********************************************************************
> samba
> auth       required     pam_nologin.so
> auth       required     pam_stack.so service=system-auth
> auth       required     /lib/security/pam_winbind.so
> account    required     /lib/security/pam_winbind.so
> account    required     pam_stack.so service=system-auth
> session    required     /lib/security/pam_mkhomedir.so
> skel=/etc/samba/skel umask=0022
> session    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> 
> **********************************************************************
> 
> Make sure that samba and winbind are off while editing these files.  Add
> whatever lines to the pam.d files to make them look like these.  delete
> the file in /etc/samba called secrets.tdb.  After adding, start samba
> and winbind.  I found that restarting the server helped getting PAM to
> work after editing the files.  After the reboot..
> 
> Add your server to the win2k domain... 
> 
> smbpasswd -j DOMAIN -r PDC -U administrator
> 
> test your configuration.  wbinfo -u , will show you all domain users
> wbinfo -g will show you all domain groups
> getenv passwd , will show you the updated password file.
> 
> Note in the smb.conf file you have to specify the winbind separator I
> used a +, that way it does not get confuesed with \ from windows and /
> from unix.  You must use this format to log into the termserv clients.
> 
> DOMAIN+windowsUsername  
> 
> the domain must be in caps, and you must include the + sign.
> 
> **Note: be Very carefull when editing the PAM files, if you mess them up
> you may not be able to log into the terminal server.
> 
> Hope this helps
> 
> Chuck Sullivan
> CDBird.Net
> 
> 
> On Fri, 2003-02-28 at 12:38, [EMAIL PROTECTED] wrote:
> > On Fri, 28 Feb 2003, you wrote:
> > David: I went to galeon after a little time with phoenix. its gracious with
> > citrix and has never gone crackerdog on me. Any thoughts on authentication
> > I been beating my head against the wALL TRYING TO AUTHENTICATE TO W2000.
> > At this point i believe winbind does authenticate but I get a gdm-binary 
> > authenticaton error. I played with /etv/pam.d/gdm but the defaults all point to
> > system auth. Can't see why? I know I'd just as soon go all linux but this is
> > what i got for now. Chuck
> > 
> > 
> > 
> > _______________________________________________
> > K12OSN mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> 
> 
> 
> _______________________________________________
> K12OSN mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] ltxp and authenticatio to win 2000-forweard

Reply via email to