I'm trying to setup a Solaris 10 Sparc station to authenticate users on
login with Windows ADS. I have found the documentation for this but
having no luck in getting the pam modules to work. Here is what I have
done so far:
Compiling Kerberos MIT5-1.8.3:
cd into the src directory
./configure --prefix=/opt/local
gmake
gmake install
Compiling Samba 3.5.6:
setenv CFLAGS "-O2"
setenv LDFLAGS "-L/opt/local/lib -Wl,-R/opt/local/lib"
setenv CPPFLAGS "-I/opt/local/include"
./configure --prefix=/opt/local --with-pam --with-ads --with-winbind
--with-krb5=/opt/local
gmake
gmake install
Compiles and installs with no errors. Here is my samba conf. file:
[global]
workgroup = DOMAINNAME
realm = DOMINNAME.EDU
security = ADS
password server = domainname.edu
log file = /var/samba/log/log.%m
max log size = 50
load printers = No
utmp = Yes
idmap backend = idmap_rid:DOMAINNAME=100000-500000
idmap uid = 100000-500000
idmap gid = 100000-500000
template homedir = /home/%U
template shell = /bin/tcsh
winbind cache time = 1800
winbind enum users = No
winbind enum groups = No
winbind use default domain = Yes
winbind separator = /
create krb5 conf = No
Krb5.conf:
[libdefaults]
default_realm = DOMAINNAME.EDU
[realms]
DOMAINNAME.EDU = {
kdc = server.domainname.edu
}
[domain_realm]
.server.domainname.edu = DOMAINNAME.EDU
server.domainname.edu = DOMAINNAME.EDU
Then I was able to join okay:
# ./net ads join -U user
Enter user's password:
Using short domain name -- DOMAINNAME
Joined 'SUNTEST1' to realm 'DomainName.EDU'
# ./net ads testjoin
Join is OK
I can get info from the ADS from wbinfo command just fine. But I cannot get
anything via
getent passwd user_name or getent group group_name
I did copy the libnss_winbind.so from the samba build and have the
pam_winbind.so linked in as well:
# cd /usr/lib
# ls -l *winbind*
-r-xr-xr-x 1 root root 50880 Dec 20 13:07 libnss_winbind.so
lrwxrwxrwx 1 root root 17 Dec 17 15:29
libnss_winbind.so.1 -> libnss_winbind.so
lrwxrwxrwx 1 root root 17 Dec 17 15:30
libnss_winbind.so.2 -> libnss_winbind.so
lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.1
-> libnss_winbind.so
lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.2
-> libnss_winbind.so
# cd /usr/lib/security/
# ls -l *winbind*
lrwxrwxrwx 1 root root 38 Dec 20 13:04 pam_winbind.so ->
/opt/local/lib/security/pam_winbind.so
lrwxrwxrwx 1 root root 38 Dec 20 13:05 pam_winbind.so.1
-> /opt/local/lib/security/pam_winbind.so
My pam.conf:
login auth sufficient /opt/local/lib/security/pam_winbind.so
try_first_pass
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
other auth sufficient /opt/local/lib/security/pam_winbind.so
try_first_pass
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
other session sufficient /opt/local/lib/security/pam_winbind.so
try_first
_pass
other session required pam_unix_session.so.1
What am I missing????
--
C. J. Keist Email: cj.ke...@colostate.edu
Systems Group Manager Phone: 970-491-0630
Engineering Network Services Fax: 970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
