Hi,

I fixed the problem by rearranging some statements in the pam.d files.

Hurray!

Later

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Guille Williams
Sent: Friday, January 07, 2005 6:01 PM
To: samba@lists.samba.org
Subject: [Samba] Obey Pam Restrictions Problem 3.0.10

Hi,

I was using Samba 3.0.9 on Fedora Core 2 and decided to upgrade to 3.0.10.
So I upgraded to Core 3 and installed Samba 3.0.10 and thought I could just
copy my settings over to the new build and everything would run smoothly. I
thought wrong.

Everything seems fine until I enable Obey Pam Restrictions.
If enabled I get a login error from XP stating:  " Windows cannot locate
your roaming profile (read only) and is attempting to log you on with your
local profile. Possible causes of this error include network problems or
insufficient security rights. If this problem persists, contact your network
administrator. DETAIL - Logon failure:  unknown user name or bad password. "

If Obey Pam Restrictions = no everything is fine except the home directory 
creation!

I use Obey Pam Restrictions to create Home Directories on the fly when a new
user logs into the network. I don't have the time to manually create the
directories for all the new students that sign up in the lab. The Obey Pam
Restrictions option was working great on Core 2. I have been using this
feature ever since I migrated from Samba 2 to Samba 3 and would be sad if I
can't fix the problem or find a workaround. I hope this problem is not
because of Core 3. I can't afford to switch now because school is in
session. I also disabled SELinux because I thought that was the root of all
this evil, but that didn't work.

Here are the exact settings I used prior to 3.0.10/3.0.11pre1 that worked
with 3.0.9:

pam.d/login

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient    /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

pam.d/samba

auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

pam.d/system-auth

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

# Global parameters
[global]
        workgroup = SCHOOL
        server string = Samba Server
        security = DOMAIN
        password server = *
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        logon path =
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%U
        winbind use default domain = Yes
        admin users = "@Domain Admins"
        cups options = raw

[homes]
        comment = Home Directories
        path = /home/%U
        read only = No
        create mask = 0760
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

/etc/nsswitch.conf
passwd:     files winbind
shadow:     files
group:       files winbind


Please Help,
Guille


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
