OK, here's the samba module: #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_stack.so service=system-auth password required pam_stack.so service=system-auth
and here's system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password required /usr/lib/security/pam_sso.so.1 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow #password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so If you need more, please let me know. Dimitri On Thursday March 30 2006 5:45 pm, Paul Matthews wrote: > how about you post your pam module here, you might have it configured to > require both local and winbind users instead of either or > > Paul Matthews > I.T Trainee | The Cathedral School > Ph (07) 47222 194 | Fax (07) 47222 111 > PO Box 944 Aitkenvale Q 4814 > E: [EMAIL PROTECTED] > W: www.cathedral.qld.edu.au > > Anglican coeducation | Day and Boarding | Early Childhood to Year 12 > Educating for life-long success > > *************************************************************************** >* > *************************************************************************** >* *********************************** > > IMPORTANT NOTICE REGARDING CONFIDENTIALITY > > This electronic email message is intended only for the addressee and may > contain confidential information. If you are not the addressee, you are > notified that any transmission, distribution or photocopying of this email > is strictly prohibited. The confidentiality attached to this email is not > waived, lost or destroyed by reasons of a mistaken delivery to you. > > -----Original Message----- > From: Dimitri Yioulos [mailto:[EMAIL PROTECTED] > Sent: Friday, 31 March 2006 8:33 AM > To: Paul Matthews > Subject: Re: [Samba] Winbind and email server > > > top-posting by necessity ... > > Hi, Paul. > > Alas, my nsswitch.conf is properly configured. Any other ideas? > > Dimitri > > On Thursday March 30 2006 5:12 pm, you wrote: > > well the problem i think your having is that you have not edited the > > /etc/nsswitch.conf file. > > > > change from > > > > passwd: files > > shadow: files > > group: files > > > > to: > > > > passwd: winbind files > > shadow: winbind files > > group: winbind files > > > > or something along those lines, play with the /etc/nsswitch.conf to find > > the right configuration for you. > > > > check out the post i've made on my website about how we use have setup my > > mail system, i think i've done it fairly well > > > > http://www.yourhowto.org/content/view/25/9/ > > > > Paul Matthews > > I.T Trainee | The Cathedral School > > Ph (07) 47222 194 | Fax (07) 47222 111 > > PO Box 944 Aitkenvale Q 4814 > > E: [EMAIL PROTECTED] > > W: www.cathedral.qld.edu.au > > > > Anglican coeducation | Day and Boarding | Early Childhood to Year 12 > > Educating for life-long success > > *************************************************************************** > > >* > > *************************************************************************** > > >* *********************************** > > > > IMPORTANT NOTICE REGARDING CONFIDENTIALITY > > > > This electronic email message is intended only for the addressee and may > > contain confidential information. If you are not the addressee, you are > > notified that any transmission, distribution or photocopying of this > > email is strictly prohibited. The confidentiality attached to this email > > is not waived, lost or destroyed by reasons of a mistaken delivery to > > you. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > ]On Behalf Of Dimitri Yioulos > > Sent: Friday, 31 March 2006 1:53 AM > > To: [email protected] > > Subject: [Samba] Winbind and email server > > > > > > Folks, > > > > Sincere apologies for asking this again, but I'm just not getting this to > > work, and must be missing something here: > > > > My company's network is based around a Windows 2003 server AD, with > > several > > > RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works > > very well. I've set up, and have successfully been using a > > sendmail-based email system, too. > > > > My issue is this: When I create a user account in AD, I have to also > > create it in the mail server. This is inconvenient and inefficient. > > > > I have samba installed on the mail server. I also have the mkhomedir > > module > > > installed, and the appropriate line to invoke it is in the samba, pop, > > and smtp.sendmail config files under /etc/pam.d. My users are using the > > Outlook 2003 mail client. If I create a user in the email server, then > > Outlook has no problem connecting to the mail server using the user's > > credentials from the email server. But, if the user is only created in > > AD, > > > then Outlook complains that the incoming pop server won't authenticate > > the user, despite the fact that winbind is fired up, wbinfo -u shows the > > user, and getent passwd shows the user's credentials. Arrrgh! IMHO, > > this is > > the > > > one small thing that keeps this from being a really great system. > > > > Can anybody show me the way to get over the hump? > > > > Many thanks. > > > > Dimitri > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
