I typed that question up rather hastily last night before leaving work: I'll add that I'm running Red Hat 8.0, Samba 2.2.7a --with-pam (should have done --with-winbind, but I didn't know about that with option until after).

Another note: I had just freshly installed Red Hat 8.0 with absolutely no smb/samba options - so I've had to set up pretty much everything by hand - scripts and all. (Of course, I wasn't bright enough to realize that the samba source comes with the init.d run scripts until after..!)

1. what I want:

To physically log in to the linux box with my NT 4.0 domain username, and have access to all the domain shares/printers/email as if I were on a windows machine. I realize the only way to connect to native exchange server and have contacts/calendar function is to use ximian evolution with the connector - which you have to pay for... pop3 works okay I guess.

2.

issue 1> I am able to log in, but I'm finding it difficult to browse the windows shares - as said in the previous message, if I open Konqueror and type smb://pcnetbiosname I get a prompt to provide login creds, then it displays the shares, then I click the share I want, then it asks again for login credentials, then it just sits there thinking... In your guys' experience what are some of the better "Network Neighborhood" browsers? / best way to connect to windows shares with the gui? (KDE or GNOME)

issue 2> When I log in from the shell, I get a "id: cannot find name for group ID 10000". If I log in at the X login it seems to authenticate right, but then it just brings me right back to the login screen...

issue 3 smbd> There are multiple smbd daemons running... so far not more than 2, maybe 3.. When I restart the daemon (/etc/rc.d/init.d/smb restart) it loads nmbd and smbd just fine, and there is only one of each. I'll look back a while later and there are a couple smbd's.. is this normal? Does smbd run an instance for each connection?
issue 4 smbstatus> When I look up smbstatus it displays that I have a connection to 10.100.101.1, which is an NT 4.0 PDC on a different subnet (same subnet mask) - it doesn't display the PDC on my local subnet... strange? In my smb.conf it's supposed to connect to 10.100.100.1

question 5> Is this setup supposed to be case sensitive when logging in with Domain+username and password? My NT passwords (and even one of my logins) contain both upper and lowercase + numerical characters.

3. what I did:

configured samba from /usr/local/src/samba-2.2.7a --with-smbmount --with-pam (should have added winbind? any others?)

configured smb.conf: (it's in /usr/local/samba/lib/smb.conf)
------------------------------------------------
[global]
name resolve order = wins lmhosts bcast
wins server = 10.100.100.1
wins support = no
domain master = no
local master = no
os level = 0
preferred master = no
workgroup = INFORMANT
server string = PC118
netbios name = PC118
security = domain
password server = SRV01 SRV02
#(PDC and BDC respectively)
encrypt passwords = yes
smb passwd file = /usr/local/samba/private/smbpasswd
winbind separator = +
winbind gid = 10000-20000
winbind uid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
#(there are about 85 users on our domain, and only 9 groups)
template shell = /bin/bash
template homedir = /home/%D/%U

[public]
#it was just a quick attempt to create a domain accessible share for anyone, I can open the share but cannot write to it.
path = /transfer
##which has drwxr-xr-x permissions owned by root##
guest ok = yes
writeable = yes
---------------------------------

I have the scripts for nmbd/smbd/winbindd in /etc/rc.d/init.d/smb and /etc/rc.d/init.d/winbindd - with symlinks to rc3, rc5, and rc6 (K)

I did:
touch /var/cache/samba/unexpected.tdb
#(though I have no clue what this does)

I joined the domain successfully with
[EMAIL PROTECTED] /] smbpasswd -j INFORMANT -r SRV01 -U Administrator
#(password entered when prompted)
joined domain successfully

I edited /etc/nsswitch.conf so that
passwd: files winbind
shadow: files nisplus
group: files winbind

I tested wbinfo -u and -g, it gets users/groups from domain.

/]getent passwd
gets a password list from domain (is it supposed to save them in /etc/passwd or anywhere else or just DISPLAY the domain users/passwords? It displays them, but doesn't save them anywhere. I assume that's correct).

created home dir for domain users:
mkdir /home/INFORMANT
chmod 755 /home/INFORMANT

from samba-2.2.7a/source
/]# cp nsswitch/pam_winbind.so /lib/security
/]# chmod 755 /lib/security/pam_winbind.so
samba-2.2.7a/source
/]# cp nsswitch/libnss_winbind.so /lib
chmod 755 /lib/libnss_winbind.so
/]# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

Edited PAM modules

/etc/pam.d/system-auth
#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
-----------

edited /etc/pam.d/login
#%Pam-1.0
auth        required      /lib/security/pam_securetty.so
auth        required      /lib/security/pam_stack.so service=system-auth
auth        required      /lib/security/pam_nologin.so
account     required      /lib/security/pam_stack.so service=system-auth
password    required      /lib/security/pam_stack.so service=system-auth
session     required      /lib/security/pam_stack.so service=system-auth
session     optional      /lib/security/pam_console.so
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

After all that I also did the mksmbpasswd.sh as instructed in the Encryption.html (I think it was encryption) - is this necessary when running security = domain with winbind??

[EMAIL PROTECTED] private/]# chmod 500 .; chmod 600 smbpasswd

here are my startup scripts:

/etc/rc.d/init.d/smb
------------------------------------------
#!/bin/sh
#
#chkconfig: - 91 35
#
# source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

#Check that smb.conf exists
[ -f /usr/local/samba/lib/smb.conf ] || exit 0

RETVAL=0
#(this means "return value"? I'm not a programmer, so I was curious about this parameter.)

# See how we were called.
case "$1" in
  start)
        killall smbd
        killall nmbd
        echo -n "Starting SMB services: "
        /usr/local/samba/bin/smbd -D
        echo -n "Starting NMB services: "
        /usr/local/samba/bin/nmbd -D
        echo
        ;;
  stop)
        killall smbd
        killall smbd
        ;;
  restart)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  reload)
        kill -SIGHUP `cat /usr/local/samba/var/locks/smbd.pid`
        kill -SIGHUP `cat /usr/local/samba/var/locks/nmbd.pid`
        ;;
  status)
        statusproc /usr/local/samba/bin/smbd
        #(note> statusproc seems to be an unknown command on my system)
        statusproc /usr/local/samba/bin/nmbd
        RETVAL=$?
        ;;
  *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit $RETVAL
---------------------------------------------------------

Is the winbindd daemon script pertinent?
I basically pieced the smb script together from snippets I found on the web. I suppose I could copy over the sample script found in the examples file in the samba source - would this solve my multiple smbd issue?

Thanks again for any insight you can offer me on the above problems! If anyone finds this step-by-step samba/winbind for NT 4.0 domain useful, that's great too. Like I said, it's CLOSE to working nicely.. My goal at the moment is to have a windows 98/nt workstation replacement machine (linux) to access NT shares/printers/exchange server - for doing day to day work/emails, nothing too fancy. I just want it to function easily when manually browsing "network neighborhood" and opening shares/printing. If at all possible that is...

Jason Sheldon
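
As an added example (not part of the original post): a simplified Python model of how Linux-PAM evaluates the classic control flags, run over the auth and account lines of the /etc/pam.d/system-auth file quoted above. The per-module success/failure outcomes are constructed inputs, and the pam_stack.so indirection used in /etc/pam.d/login is not modelled.

```python
# Added example: simplified model of Linux-PAM's classic control flags.
# The stack text is copied from the system-auth file in the post; the
# per-module outcomes passed to evaluate() are constructed test inputs.
SYSTEM_AUTH = """\
auth     required   /lib/security/pam_env.so
auth     sufficient /lib/security/pam_winbind.so
auth     sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth     required   /lib/security/pam_deny.so
account  required   /lib/security/pam_unix.so
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module_file)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results: module_file -> True (success) or False (failure).
    Returns (allowed, modules_consulted_in_order)."""
    succeeded = failed = False
    consulted = []
    for control, module in stack:
        ok = results[module]
        consulted.append(module)
        if control == "sufficient":
            # Success ends the stack only if nothing required failed before;
            # failure of a sufficient module is ignored.
            if ok and not failed:
                return True, consulted
        elif control == "requisite" and not ok:
            return False, consulted          # fail immediately
        elif ok:
            succeeded = True                 # required/requisite/optional
        elif control == "required":
            failed = True                    # remembered, stack continues
    return succeeded and not failed, consulted

if __name__ == "__main__":
    auth = parse_stack(SYSTEM_AUTH, "auth")
    account = parse_stack(SYSTEM_AUTH, "account")
    cases = {"domain user": {"pam_env.so": True, "pam_winbind.so": True},
             "unknown user": {"pam_env.so": True, "pam_winbind.so": False,
                              "pam_unix.so": False, "pam_deny.so": False}}
    for label, outcome in cases.items():
        print(label, evaluate(auth, outcome))
    print("account", evaluate(account, {"pam_unix.so": False}))
```

In this model the auth stack stops at pam_winbind.so for a domain user, while the account stack consults only pam_unix.so, so pam_winbind.so plays no part in that phase.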
