PAM module pam_mkhomedir, although I added the debug switch to it.
Otherwise, the system works: the shared secret is OK, wbinfo -u shows all NT4 users correctly,
and the NT4 users can even create a Samba mount, provided the mounted directory has
world rwx permissions (such as the /tmp below in the smb.conf). This means the authentication
works OK, but the Unix box is just not aware of any winbindd users, even though Samba is.
Any clues where to look for the problem? And yes, I did search through winbindd how-tos and
this mailing list's archives and tried all the tricks there. I also do not have any local users
with the same names as the NT4 has, thus no conflicts here. Samba has been compiled
with all necessary support (PAM, winbind, etc.) to support this scheme. /etc/nsswitch.conf
has been edited to include winbind. ldconfig has been run to include the winbind shared modules.
No nscd or any other NSS services are running. What can still be wrong?
PAM configuration file "samba":
#%PAM-1.0
# pam_smbpass.so authenticates against the smbpasswd file
auth required pam_smbpass.so nodelay
account required /lib/security/pam_stack.so service=system-auth-winbind
session required /lib/security/pam_stack.so service=system-auth-winbind
password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
The service lines were edited according to the instructions in the smb.conf comments
to include system-auth-winbind:
#%PAM-1.0
# $Header: /home/cvsroot/gentoo-x86/net-fs/samba/files/system-auth-winbind,v 1.1 2002/05/06 19:57:08 woodchip Exp $
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 debug
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
My smb.conf looks like:
# Global parameters
[global]
dos charset = 850
unix charset = UTF8
workgroup = TESTWG
server string = %h Samba Server %v
interfaces = 192.168.1.1/23 192.168.3.1/23
security = DOMAIN
map to guest = Bad User
log level = 2
log file = /var/log/samba3/log.%m
max log size = 500
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
local master = No
dns proxy = No
remote announce = 192.168.2.255 192.168.3.255
remote browse sync = 192.168.2.255 192.168.3.255
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = _
printer admin = '@Domain Admins'
hosts allow = 192.168.1., 192.168.2., 192.168.3., 127.
hosts deny = ALL
map acl inherit = Yes
printing = cups

[homes]
comment = Home dirs
read only = No
browseable = No

[printers]
comment = Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @adm, root
guest ok = Yes

[tmp]
comment = temporary files
path = /tmp
guest ok = Yes
-- ArNO 2
