I found the following instructions to set up LTSP to authenticate to a 2k DOMAIN using winbind and Samba.
I was wondering if there was a way to use the security = ads instead of security = domain. Anyone have some ideas? SEE BELOW:

List: ltsp-discuss
Subject: [Ltsp-discuss] ltxp and authenticatio to win 2000-forweard
From: "cliebow () downeast ! net" <cliebow () downeast ! net>
Date: 2003-03-03 22:46:04

In hopes this may help someone else. Works like a charm for me. The only change I made was to comment out the winbind separator line and add winbind default domain= Syntax may not be perfect but I have it at school. Eliminates need to put domain name.

Chuck

> these are the conf files I created to get winbind to work...
>
> /etc/samba/smb.conf
> # Global parameters
> [global]
> log file = /var/log/samba/%m.log
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> obey pam restrictions = Yes
> wins server = ipAddress of winserver
> encrypt passwords = yes
> winbind uid = 10000-20000
> passwd program = /usr/bin/passwd %u
> template shell = /bin/bash
> dns proxy = No
> printing = cups
> server string = Linux TermServer
> password server = *
> winbind gid = 10000-20000
> unix password sync = yes
> local master = No
> template homedir = /u/%D/%U
> workgroup = your domainName
> security = DOMAIN
> create mode = 700
> winbind separator = +
> max log size = 0
> pam password change = Yes
> directory mode = 700
>
> [homes]
> comment = Home Directories
> valid users = %D+%S
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
>
> This will share the users home folder on the terminal server, if you
> don't want to put the user folders on the termserv comment out the
> [homes] share.
>
> ********************************************************
>
> /etc/nsswitch.conf add this
>
> passwd: files winbind nisplus
> shadow: files winbind nisplus
> group: files winbind nisplus
>
> *********************************************************
>
> In /etc/pam.d
>
> system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
> auth required /lib/security/pam_deny.so
>
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_unix.so
>
> password required /lib/security/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
>
> ************************************************************
> login
>
> #New
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> ********************************************************************
> gdm
>
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> ***********************************************************************
> other
> #%PAM-1.0
> auth required /lib/security/pam_deny.so
> account required /lib/security/pam_deny.so
> password required /lib/security/pam_deny.so
> session required /lib/security/pam_deny.so
>
> ***********************************************************************
> samba
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> auth required /lib/security/pam_winbind.so
> account required /lib/security/pam_winbind.so
> account required pam_stack.so service=system-auth
> session required /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
>
> **********************************************************************
>
> Make sure that samba and winbind are off while editing these files. Add
> whatever lines to the pam.d files to make them look like these. Delete
> the file in /etc/samba called secrets.tdb. After adding, start samba
> and winbind. I found that restarting the server helped getting PAM to
> work after editing the files. After the reboot..
>
> Add your server to the win2k domain...
>
> smbpasswd -j DOMAIN -r PDC -U administrator
>
> Test your configuration.
> wbinfo -u , will show you all domain users
> wbinfo -g will show you all domain groups
> getent passwd , will show you the updated password file.
>
> Note in the smb.conf file you have to specify the winbind separator. I
> used a +, that way it does not get confused with \ from windows and /
> from unix. You must use this format to log into the termserv clients.
>
> DOMAIN+windowsUsername
>
> The domain must be in caps, and you must include the + sign.
>
> **Note: be very careful when editing the PAM files, if you mess them up
> you may not be able to log into the terminal server.
>
> Hope this helps
>
> Chuck Sullivan
> CDBird.Net
>
>
> On Fri, 2003-02-28 at 12:38, [EMAIL PROTECTED] wrote:
> > On Fri, 28 Feb 2003, you wrote:
> > David: I went to galeon after a little time with phoenix. It's gracious with
> > citrix and has never gone crackerdog on me. Any thoughts on authentication?
> > I been beating my head against the wall trying to authenticate to W2000.
> > At this point I believe winbind does authenticate but I get a gdm-binary
> > authentication error. I played with /etc/pam.d/gdm but the defaults all point to
> > system auth. Can't see why? I know I'd just as soon go all linux but this is
> > what I got for now. Chuck
> >
> > _______________________________________________
> > K12OSN mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>

_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
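
An added example, not part of the original post or of PAM itself: a simplified Python model of how the control flags walk the system-auth auth stack quoted above, showing where a domain user and a local user are accepted and what a mis-edit that drops the pam_unix line does to local logins. The module outcomes are constructed inputs, the helper names are hypothetical, and only the required/requisite/sufficient keywords are modelled.

```python
# Added example: a simplified model of PAM control flags, not real libpam.
SYSTEM_AUTH = """\
auth required   /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required   /lib/security/pam_deny.so
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module, args)] for one facility; comments are skipped."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack

def evaluate(stack, outcome):
    """outcome maps module -> bool. Returns (granted, module that decided)."""
    first_failed = None      # first failing 'required' module
    any_success = False
    for control, module, _args in stack:
        ok = outcome.get(module, False)
        if control == "requisite" and not ok:
            return False, first_failed or module   # fail immediately
        if control in ("required", "requisite"):
            any_success = any_success or ok
            if not ok and first_failed is None:
                first_failed = module              # remembered, stack continues
        elif control == "sufficient" and ok and first_failed is None:
            return True, module                    # short-circuit success
    if first_failed:
        return False, first_failed
    return any_success, None

def try_login(stack, winbind_ok, unix_ok):
    """Constructed outcomes: pam_env always succeeds, pam_deny always fails."""
    return evaluate(stack, {"pam_env.so": True, "pam_deny.so": False,
                            "pam_winbind.so": winbind_ok, "pam_unix.so": unix_ok})

def modules_with_nullok(stack):
    """pam_unix 'nullok' lets accounts with an empty password authenticate."""
    return [m for _c, m, args in stack if "nullok" in args]

if __name__ == "__main__":
    good = parse_stack(SYSTEM_AUTH)
    # Mis-edit: the pam_unix line was deleted, so local accounts have no path in.
    broken = [e for e in good if e[1] != "pam_unix.so"]
    print("domain user:       ", try_login(good, True, False))
    print("local user:        ", try_login(good, False, True))
    print("bad password:      ", try_login(good, False, False))
    print("root, broken stack:", try_login(broken, False, True))
    print("nullok on:         ", modules_with_nullok(good))
```

Keeping a root shell open on the terminal server while testing PAM edits gives a way back if the stack ends up in the last state shown.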
