Sure, I'll let you know, but could you pass along what you have for pam_mount? I didn't even start down that path yet. I'm glad to hear I'm not alone though. Additionally, this may sound really naive, but what's the point of logging into a domain if you can't get anywhere?

Khanh Tran
Network Operations
Sarah Lawrence College

-----Original Message-----
From: Aaron Bennett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 9:11 AM
To: Khanh Tran
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Samba] Help with Winbind

Khanh --

I'm currently beating my head against the pam_mount wall, with no luck. It's the only way I can think of to do this w/o storing the password in plain text. pam_mount is supposed to be able to mount using the login credentials, but I haven't been able to make it work. I'll report any results I find. If you come across any other solutions, could you let me know?

Cheers,

Aaron Bennett

Khanh Tran wrote:

> OK, so I got all pam problems sorted out. For those interested, this
> pam/gdm worked on my RH 8.0 box:
>
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> The only difference from what I had been using was the addition of the
> likeauth and nullok options on the pam_unix.so library.
>
> Now on to my next issue with home directories! I've tried two methods.
>
> First, I've used what the Winbind docs say for template homedir in
> smb.conf: /home/%D/%U. When my user logs in, I get an error that the home
> directory does not exist and then logs the user out. This is expected
> because they don't exist locally :)
>
> Second, I tried first mounting all my users' home directories (we mount them
> here under windows like Novell used to) under /home.DOMAIN. Then, I changed
> template homedir to /home/home.%D and restarted the Samba daemons.
> The user can log in, but I get the following permission error because I've
> got the home dirs mounted as root.
>
> Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist.
> Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist.
> Feb 20 08:12:26 Martyr gdm[849]: gdm_auth_user_add: /home.DOMAIN/user is not owned by uid 10173.
> Feb 20 08:12:47 Martyr gdm(pam_unix)[849]: session closed for user DOMAIN\user
>
> So, I guess my question is, is there a way to mount each user's home
> directory with their proper auth credentials under unix? I've read through
> the MARC archives and seen brief mentions of a hacked pam_mount, but nothing
> detailed or a more "standard" solution.
>
> Thanks again for everyone's help.
>
> Khanh Tran
> Network Operations
> Sarah Lawrence College
>
> -----Original Message-----
> From: Aaron Bennett [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 19, 2003 4:51 PM
> To: Khanh Tran
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [Samba] Help with Winbind
>
> For debugging purposes, put the machine in console mode (init 4 or
> whatever, just kill kdm/xdm/kdm), and modify /etc/pam.d/login as
> directed in the Howto. Login is much simpler than gdm, so you don't
> have to worry about multiple levels of pam stuff.
>
> best luck,
>
> Aaron Bennett
> UNIX Administrator
> Franklin W. Olin College of Engineering
>
> Khanh Tran wrote:
>
>>OK, so I added the lines to /etc/pam.d/gdm file. It's not a big deal for me
>>to re-install RH on this box, so I didn't bother with the telnet test.
>>
>>Anyway, I put in my username and password, and get this error:
>>Feb 19 14:33:31 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost
>>
>>But RH doesn't return to the username prompt, it asks for the password
>>again, so I enter the same password again, and get:
>>Feb 19 14:33:45 Martyr pam_winbind[835]: user 'ADMIN+khanh' granted acces
>>Feb 19 14:33:45 Martyr gdm(pam_unix)[835]: check pass; user unknown
>>Feb 19 14:33:48 Martyr gdm-binary[835]: Couldn't authenticate user
>>Feb 19 14:33:48 Martyr gdm(pam_unix)[835]: 1 more authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost
>>
>>I'm guessing from the error that the box is trying to authenticate the user
>>to the local passwd file? Anyway, thanks again for the help, but any more
>>ideas?
>>
>>Khanh Tran
>>Network Operations
>>Sarah Lawrence College
>>
>>-----Original Message-----
>>From: bin wen [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, February 19, 2003 2:24 PM
>>To: Khanh Tran; '[EMAIL PROTECTED]'
>>Subject: RE: [Samba] Help with Winbind
>>
>>Looks like you are logging in through GDM, so you probably
>>have to change the /etc/pam/gdm file too. Before you
>>do that, you may want to just do a telnet to the RH
>>to see what happens.
>>
>>--- Khanh Tran <[EMAIL PROTECTED]> wrote:
>>
>>>I changed the pam conf per the 12.5.3.6 section.
>>>Here's what I've got:
>>>
>>>pam.d/login:
>>>#%PAM-1.0
>>>auth required /lib/security/pam_securetty.so
>>>auth sufficient /lib/security/pam_winbind.so
>>>auth sufficient /lib/security/pam_unix.so use_first_pass
>>>auth required /lib/security/pam_stack.so service=system-auth
>>>auth required /lib/security/pam_nologin.so
>>>account sufficient /lib/security/pam_winbind.so
>>>account required /lib/security/pam_stack.so service=system-auth
>>>password required /lib/security/pam_stack.so service=system-auth
>>>session required /lib/security/pam_stack.so service=system-auth
>>>session optional /lib/security/pam_console.so
>>>
>>>Khanh Tran
>>>Network Operations
>>>Sarah Lawrence College
>>>
>>>-----Original Message-----
>>>From: bin wen [mailto:[EMAIL PROTECTED]]
>>>Sent: Wednesday, February 19, 2003 1:58 PM
>>>To: Khanh Tran; '[EMAIL PROTECTED]'
>>>Subject: Re: [Samba] Help with Winbind
>>>
>>>From your log file, it looks like the RH still uses
>>>the pam_unix module to authenticate. Have you changed
>>>the pam configuration to use winbindd following the
>>>instruction in section 12.5.3.6 ?
>>>
>>>--- Khanh Tran <[EMAIL PROTECTED]> wrote:
>>>
>>>>I've been trying for weeks to get winbind working with RedHat Linux 8.0.
>>>>I've got everything setup per the winbind docs on
>>>>http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND.
>>>>
>>>>I've successfully joined my NT4 domain with smbpasswd -j DOMAIN -r PDC -U
>>>>Administrator. Running wbinfo -u returns my domain user list, as well as
>>>>wbinfo -g returning my domain groups. getent passwd returns the domain user
>>>>list in the passwd format, and getent group does the same. I've then set up
>>>>my /etc/pam.d/login to match the one on the HOWTO.
>>>>
>>>>The problem is that when I go to login (username: DOMAIN+user), the
>>>>workstation won't log me in.
>>>>My messages log returns only:
>>>>
>>>>Feb 19 13:20:46 Martyr gdm(pam_unix)[835]: check pass; user unknown
>>>>Feb 19 13:20:46 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost
>>>>Feb 19 13:20:47 Martyr gdm-binary[835]: Couldn't authenticate user
>>>>
>>>>Any help is greatly appreciated, and thanks in advance!
>>>>
>>>>Khanh Tran
>>>>Network Operations
>>>>Sarah Lawrence College

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
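
Added example, not part of the thread or of Samba/PAM code: a small model of how Linux-PAM's simple control flags (`required`, `requisite`, `sufficient`, `optional`) decide the gdm stack quoted above, given assumed per-module results. The names `parse`, `evaluate` and the outcome dictionaries are hypothetical; no real PAM call is made.

```python
# Added example: models Linux-PAM's simple control flags; it never calls PAM.

# auth and account lines of the gdm stack quoted in the thread.
GDM_STACK = """\
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
"""


def parse(text, group):
    """Return [(control, module_name)] for one management group."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == group:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries


def evaluate(entries, outcomes):
    """outcomes: module name -> True/False (assumed results for one login).
    Returns (granted, modules_consulted)."""
    required_ok = required_failed = False
    consulted = []
    for control, module in entries:
        ok = outcomes[module]
        consulted.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted   # success ends the stack here
        elif control == "requisite" and not ok:
            return False, consulted      # failure ends the stack here
        elif control in ("required", "requisite"):
            required_ok = required_ok or ok
            required_failed = required_failed or not ok
        # "optional" does not change the result when other modules decide it
    return required_ok and not required_failed, consulted


if __name__ == "__main__":
    auth = parse(GDM_STACK, "auth")
    # Constructed outcome set: a domain user known to winbind only.
    domain_user = {"pam_winbind.so": True, "pam_unix.so": False,
                   "pam_stack.so": False, "pam_nologin.so": True}
    print(evaluate(auth, domain_user))
```

In this stack a pam_winbind success returns before pam_nologin is consulted in the auth phase, and `account sufficient pam_winbind.so` likewise ends the account phase before the system-auth account modules run.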
