• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

SAMBA & Winbind Problems - What next?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Sep 27, 2002 1:42 pm    Post subject: SAMBA & Winbind Problems - What next? Reply with quote

I've had a long ride setting up SAMBA and Winbind, essentially what
I'm trying to do at the moment is transfer the file server from the Win2k server to a Linux machine to east the strain and spread the network traffic out over different switches.

I am using SAMBA 2.2.5 and Debian 3.0.

I have SAMBA working fine, I can browse the Public and Temp shares and write to them from a Win2k machine.

I have Winbind working as far as I can tell, wbinfo -t gives an ok, wbinfo -u returns users and same for -g.

I have done getent passwd and getent group and all the users show up ok.

When I try and logout and log back into Xwindows with a Domain rather than local user (they are all listed correctly in kdm DOMAIN+User), the login always fails even when I know the password is correct.

I can browse my home directory, but only if I have a local user on the linux machine that matches my network logon if I try from another logon without the equivalent linux entry it doesn't work.

The domain authentication doesn't seem to working.

(security = domain is set).

How do I create and get home directories working and how do I set up shares with group properties, e.g. only Managers are allowed access etc.

Config files and more available on request.

Do I need to do all the PAM authentication stuff? I've tried but my source directory doesn't contain a pam_winbind.so file?

Pretty lost on what to do now.. Embarassed Shocked Embarassed
Back to top
View user's profile Send private message Visit poster's website
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Sep 27, 2002 3:35 pm    Post subject: Reply with quote

U using mixed mode or win2k authentication?

Last looked at samba about a year ago and there were some biggish issues with the Win2k only authentication. Some 5h17 to do with the secure channel i think Confused .
Back to top
View user's profile Send private message Send e-mail
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Sep 27, 2002 3:42 pm    Post subject: Reply with quote

Mixed cos we're mostly Win98, only me who uses Win2k Wink

Nah SAMBA has come a long way now, and Winbind, can deal with AD and everything now I think.

3 Alpha was released today aswell, I might way till that goes RC or something and try again with that.

I think it might just be PAM issues though..
Back to top
View user's profile Send private message Visit poster's website
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Sep 27, 2002 4:13 pm    Post subject: Reply with quote

I think you're right.

I had a look at the man page for winbindd
http://us1.samba.org/samba/docs/man/winbindd.8.html
and it does mention using pam_winbind to handle the authentication.

I looks a lot better than my last experience so I'll be playing with samba again v v soon!

Cool
Back to top
View user's profile Send private message Send e-mail
hads
Trusted SF Member
Trusted SF Member


Joined: 23 May 2002
Posts: 3
Location: New Zealand

Offline

PostPosted: Fri Sep 27, 2002 4:42 pm    Post subject: Reply with quote

'scuse me for asking but I thought that the domain security was only for users connectiong to the samba box from another box.

I didn't think that it had reached the stage of e.g allowing local user logon on the linux box authenticating in the domain. Only users accessing the shares etc could be authenticated against the domain.

I could be completely wrong and behind the times tho... if so could you point me to docs that show where you can replace local nix users with domain security? Would be interesting.
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Sep 27, 2002 4:50 pm    Post subject: Reply with quote

Nope SAMBA can be a PDC now, and Winbind allows you to logon Domain users without having to create local accounts.

It supports roaming profiles, home directories the lot.

All I'm trying to do at the moment is move users home directories and the main company files shares but use Domain authentication for the shares.

Check out the docs at:

http://samba.mirror.ac.uk/samba/docs/man/winbindd.8.html

http://samba.mirror.ac.uk/samba/docs/man/wbinfo.1.html

http://samba.mirror.ac.uk/samba/docs/Samba-HOWTO-Collection.html

http://samba.mirror.ac.uk/samba/docs/Samba-HOWTO-Collection.html#WINBIND
Back to top
View user's profile Send private message Visit poster's website
hads
Trusted SF Member
Trusted SF Member


Joined: 23 May 2002
Posts: 3
Location: New Zealand

Offline

PostPosted: Fri Sep 27, 2002 5:11 pm    Post subject: Reply with quote

hmmm... yeah, I was kinda on a different wavelength Confused (am + beer)

I knew about the PDC function etc. (halfway through doing the same thing myself at one site)

I just didn't think you would be able to logon to the linux box locally with a domain account (for some reason or other). Rather, just access shares with domain accounts.

I must go do some reading now.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register