Hi, This diff adds solaris info to the winbind howto, making Solaris-Winbind-HOWTO.txt obsolete.
Jelmer -- Jelmer Vernooij <[EMAIL PROTECTED]> - http://nl.linux.org/~jelmer/ Development And Underdevelopment: http://library.thinkquest.org/C0110231/ Listening to Error: The server (moosicd) doesn't seem to be running. 12:48:38 up 2 days, 18:28, 15 users, load average: 0.30, 0.19, 0.29
Index: winbind.sgml =================================================================== RCS file: /cvsroot/samba/docs/docbook/projdoc/winbind.sgml,v retrieving revision 1.7 diff -u -3 -p -r1.7 winbind.sgml --- winbind.sgml 8 May 2002 15:34:58 -0000 1.7 +++ winbind.sgml 28 Jun 2002 11:29:52 -0000 @@ -23,9 +23,19 @@ <address><email>[EMAIL PROTECTED]</email></address> </affiliation> </author> - - - <pubdate>16 Oct 2000</pubdate> + <author> + <firstname>Naag</firstname><surname>Mummaneni</surname> + <affiliation> + <address><email>[EMAIL PROTECTED]</email></address> + </affiliation> + </author> + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + <affiliation> + <address><email>[EMAIL PROTECTED]</email></address> + </affiliation> + </author> + <pubdate>27 June 2002</pubdate> </chapterinfo> <title>Unified Logons between Windows NT and UNIX using Winbind</title> @@ -489,6 +499,12 @@ I also found it necessary to make the fo <prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command> </para> +<para>And, in the case of Sun solaris: +<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so +/usr/lib/libnss_winbind.so.1</command> +<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so +/usr/lib/nss_winbind.so.1</command> +<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so +/usr/lib/nss_winbind.so.2</command> +</para> + <para> Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to allow user and group entries to be visible from the <command>winbindd</command> @@ -682,14 +698,18 @@ The same thing can be done for groups wi <sect3> -<title>Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files</title> +<title>Fix the init.d startup scripts</title> + +<sect4> +<title>Linux</title> <para> The <command>winbindd</command> daemon needs to start up after the <command>smbd</command> and <command>nmbd</command> daemons are running. -To accomplish this task, you need to modify the <filename>/etc/init.d/smb</filename> +To accomplish this task, you need to modify the startup scripts of your system. They +are located at <filename>/etc/init.d/smb</filename> in RedHat and +<filename>/etc/init.d/samba</filename> in Debian. script to add commands to invoke this daemon in the proper sequence. My -<filename>/etc/init.d/smb</filename> file starts up <command>smbd</command>, +startup script starts up <command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command> from the <filename>/usr/local/samba/bin</filename> directory directly. The 'start' function in the script looks like this: @@ -744,18 +764,79 @@ stop() { return $RETVAL } </programlisting></para> +</sect4> + +<sect4> +<title>Solaris</title> + +<para>On solaris, you need to modify the +<filename>/etc/init.d/samba.server</filename> startup script. It usually +only starts smbd and nmbd but should now start winbindd too. If you +have samba installed in <filename>/usr/local/samba/bin</filename>, +the file could contains something like this: +</para> + +<para><programlisting> +## +## samba.server +## + +if [ ! -d /usr/bin ] +then # /usr not mounted + exit +fi + +killproc() { # kill the named process(es) + pid=`/usr/bin/ps -e | + /usr/bin/grep -w $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid +} + +# Start/stop processes required for samba server + +case "$1" in + +'start') +# +# Edit these lines to suit your installation (paths, workgroup, host) +# +echo Starting SMBD + /usr/local/samba/bin/smbd -D -s \ + /usr/local/samba/smb.conf + +echo Starting NMBD + /usr/local/samba/bin/nmbd -D -l \ + /usr/local/samba/var/log -s /usr/local/samba/smb.conf + +echo Starting Winbind Daemon + /usr/local/samba/bin/winbindd + ;; + +'stop') + killproc nmbd + killproc smbd + killproc winbindd + ;; + +*) + echo "Usage: /etc/init.d/samba.server { start | stop }" + ;; +esac +</programlisting></para> +</sect4> +<sect4> +<title>Restarting</title> <para> If you restart the <command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command> daemons at this point, you should be able to connect to the samba server as a domain member just as if you were a local user. </para> - +</sect4> </sect3> - - <sect3> <title>Configure Winbind and PAM</title> @@ -781,13 +862,17 @@ by invoking the command from the <filename>../source</filename> directory. The <filename>pam_winbind.so</filename> file should be copied to the location of your other pam security modules. On my RedHat system, this was the -<filename>/lib/security</filename> directory. +<filename>/lib/security</filename> directory. On Solaris, the pam security +modules reside in <filename>/usr/lib/security</filename>. </para> <para> <prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command> </para> +<sect4> +<title>Linux/FreeBSD-specific PAM configuration</title> + <para> The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I just left this fileas it was: @@ -875,6 +960,92 @@ line after the <command>winbind.so</comm double prompts for passwords. </para> +</sect4> + +<sect4> +<title>Solaris-specific configuration</title> + +<para> +The /etc/pam.conf needs to be changed. I changed this file so that my Domain +users can logon both locally as well as telnet.The following are the changes +that I made.You can customize the pam.conf file as per your requirements,but +be sure of those changes because in the worst case it will leave your system +nearly impossible to boot. +</para> + +<para><programlisting> +# +#ident "@(#)pam.conf 1.14 99/09/16 SMI" +# +# Copyright (c) 1996-1999, Sun Microsystems, Inc. +# All Rights Reserved. +# +# PAM configuration +# +# Authentication management +# +login auth required /usr/lib/security/pam_winbind.so +login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass +# +rlogin auth sufficient /usr/lib/security/pam_winbind.so +rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 +rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +dtlogin auth sufficient /usr/lib/security/pam_winbind.so +dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 +other auth sufficient /usr/lib/security/pam_winbind.so +other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass +# +# Account management +# +login account sufficient /usr/lib/security/pam_winbind.so +login account requisite /usr/lib/security/$ISA/pam_roles.so.1 +login account required /usr/lib/security/$ISA/pam_unix.so.1 +# +dtlogin account sufficient /usr/lib/security/pam_winbind.so +dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 +dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 +# +other account sufficient /usr/lib/security/pam_winbind.so +other account requisite /usr/lib/security/$ISA/pam_roles.so.1 +other account required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Session management +# +other session required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Password management +# +#other password sufficient /usr/lib/security/pam_winbind.so +other password required /usr/lib/security/$ISA/pam_unix.so.1 +dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 +# +# Support for Kerberos V5 authentication (uncomment to use Kerberos) +# +#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other account optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other session optional /usr/lib/security/$ISA/pam_krb5.so.1 +#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass +</programlisting></para> + +<para> +I also added a try_first_pass line after the winbind.so line to get rid of +annoying double prompts for passwords. +</para> + +<para> +Now restart your Samba & try connecting through your application that you +configured in the pam.conf. +</para> + +</sect4> </sect3>
msg01863/pgp00000.pgp
Description: PGP signature