On Oct 31, 2003, at 9:59 AM, Gerald (Jerry) Carter wrote:



Mike Ely wrote:

| Basic problem is that domain users can't successfully log
| into the linux box.  I'm trying to set this box up as
| an ltsp server authenticating against our existing AD

...

|     [libdefaults]
|             default_realm = LTSP.FOO.BAR
|             dns_lookup_realm = false
|             dns_lookup_kdc = true

Did you enable the DNS lookup during compile?  If so then you can get
rid of the [realms] section below.

Unfortunately, no. So I'll have to keep the realms section below I guess.

|     [realms]
|             LTSP.FOO.BAR = { ...

...
How are the users/groups laid out in AD?

Well, that problem seems to have gone away - I reboot the machine and see all my domain users in the KDM loginwindow. wbinfo -u confirms this.

| Now, as root, I can change users to any domain user I want to without
| entering a password, using, for example:
| su LTSP+fred
| and "whoami" returns the correct value. However, if I log in as a local
| non-root account and try the same thing, or if I attempt to connect
| remotely using "ssh -l LTSP+fred" I get a failed password error even
| though I'm using a known-good password for that account. BIG problem #2.


Have you set up pam_winbind.so?

I have it copied to /lib/security/ where all the pam modules are. Is there more to setting it up than that?

| I'm sure there's something simple that needs to be changed and all will
| suddenly Just Work. Once that happens, perhaps someone could answer
| this: how do I automatically map the home directory of a domain user to
| their AD-defined home directory (//ltsp-fs1/staff/fred <-->
| /home/LTSP/fred, for example)? I want to have no local storage for
| domain users on the linux box.


See pam_mount.so and smbfs (or patches for the newer cifsvfs).

Thanks, I'll look that up.

Mike
