View previous topic :: View next topic |
Author |
Message |
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Sep 27, 2002 1:42 pm Post subject: SAMBA & Winbind Problems - What next? |
|
|
I've had a long ride setting up SAMBA and Winbind, essentially what
I'm trying to do at the moment is transfer the file server from the Win2k server to a Linux machine to east the strain and spread the network traffic out over different switches.
I am using SAMBA 2.2.5 and Debian 3.0.
I have SAMBA working fine, I can browse the Public and Temp shares and write to them from a Win2k machine.
I have Winbind working as far as I can tell, wbinfo -t gives an ok, wbinfo -u returns users and same for -g.
I have done getent passwd and getent group and all the users show up ok.
When I try and logout and log back into Xwindows with a Domain rather than local user (they are all listed correctly in kdm DOMAIN+User), the login always fails even when I know the password is correct.
I can browse my home directory, but only if I have a local user on the linux machine that matches my network logon if I try from another logon without the equivalent linux entry it doesn't work.
The domain authentication doesn't seem to working.
(security = domain is set).
How do I create and get home directories working and how do I set up shares with group properties, e.g. only Managers are allowed access etc.
Config files and more available on request.
Do I need to do all the PAM authentication stuff? I've tried but my source directory doesn't contain a pam_winbind.so file?
Pretty lost on what to do now..
|
|
Back to top |
|
|
b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
|
Posted: Fri Sep 27, 2002 3:35 pm Post subject: |
|
|
U using mixed mode or win2k authentication?
Last looked at samba about a year ago and there were some biggish issues with the Win2k only authentication. Some 5h17 to do with the secure channel i think .
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Sep 27, 2002 3:42 pm Post subject: |
|
|
Mixed cos we're mostly Win98, only me who uses Win2k
Nah SAMBA has come a long way now, and Winbind, can deal with AD and everything now I think.
3 Alpha was released today aswell, I might way till that goes RC or something and try again with that.
I think it might just be PAM issues though..
|
|
Back to top |
|
|
b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
|
Posted: Fri Sep 27, 2002 4:13 pm Post subject: |
|
|
I think you're right.
I had a look at the man page for winbindd
http://us1.samba.org/samba/docs/man/winbindd.8.html
and it does mention using pam_winbind to handle the authentication.
I looks a lot better than my last experience so I'll be playing with samba again v v soon!
|
|
Back to top |
|
|
hads Trusted SF Member
Joined: 23 May 2002 Posts: 3 Location: New Zealand
|
Posted: Fri Sep 27, 2002 4:42 pm Post subject: |
|
|
'scuse me for asking but I thought that the domain security was only for users connectiong to the samba box from another box.
I didn't think that it had reached the stage of e.g allowing local user logon on the linux box authenticating in the domain. Only users accessing the shares etc could be authenticated against the domain.
I could be completely wrong and behind the times tho... if so could you point me to docs that show where you can replace local nix users with domain security? Would be interesting.
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
hads Trusted SF Member
Joined: 23 May 2002 Posts: 3 Location: New Zealand
|
Posted: Fri Sep 27, 2002 5:11 pm Post subject: |
|
|
hmmm... yeah, I was kinda on a different wavelength (am + beer)
I knew about the PDC function etc. (halfway through doing the same thing myself at one site)
I just didn't think you would be able to logon to the linux box locally with a domain account (for some reason or other). Rather, just access shares with domain accounts.
I must go do some reading now.
|
|
Back to top |
|
|
|