-----Original Message----- From: VR-Bug Support Sent: 15 October 2003 13:42 To: 'Gavin Davenport' Subject: RE: [Samba] Re: domain groups accessing samba share
Hi Gavin, This is what I have for my /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so nodelay use_first_pass auth sufficient /lib/security/pam_krb5.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient /lib/security/pam_winbind.so account sufficient /lib/security/pam_krb5.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so And when I issue getent group or getent passwd it lists both local and ADS users. Regards, Luke -----Original Message----- From: Gavin Davenport [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 09:05 To: [EMAIL PROTECTED] Cc: Tim Jordan, Network Services Subject: RE: [Samba] Re: domain groups accessing samba share Hiya Tim, Thanks for helping. Can you post your smb.conf /etc/pam.d/login wbinfo -g wbinfo -u getent passwd getent group Here we go: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Linux Samba Server security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 445 announce as = NT Workstation name resolve order = host bcast wins server = 10.0.0.104 client signing = Yes server signing = Yes client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash # winbind separator = + winbind cache time = 2 # winbind use default domain = Yes comment = Redhat 7.1 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [Software] comment = Software Library path = /mnt/largeprimary/software # valid users = @MYNETWORK.ISP.CO.UK\"Domain Users" # Admin users = @MYNETWORK.ISP.CO.UK\gavdav [EMAIL PROTECTED] /root]# more /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so wbinfo -u [EMAIL PROTECTED] /root]# wbinfo -u MYDOMAIN\gavdav MYDOMAIN\Guest MYDOMAIN\Administrator MYDOMAIN\krbtgt MYDOMAIN\SUPPORT_388945a0 MYDOMAIN\fbloggs <snip> wbinfo -g [EMAIL PROTECTED] /root]# wbinfo -g MYDOMAIN\Domain Computers MYDOMAIN\Cert Publishers MYDOMAIN\Domain Users MYDOMAIN\Domain Guests MYDOMAIN\RAS and IAS Servers MYDOMAIN\Group Policy Creator Owners MYDOMAIN\Schema Admins MYDOMAIN\Enterprise Admins MYDOMAIN\Domain Admins MYDOMAIN\Domain Controllers <snip> [EMAIL PROTECTED] /root]# getent passwd root:x:0:0:root:/root:/bin/bash <snip> xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false gdm:x:42:42::/home/gdm:/bin/bash gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash named:x:200:200:Nameserver:/var/named:/bin/false vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin [EMAIL PROTECTED] /root]# getent group root:x:0:root <snip> nobody:x:99: users:x:100:gavdav <snip> xfs:x:43: gdm:x:42: gavdav:x:500: vcsa:x:69: getent and setent are listing local users and groups. What do I need to change in /etc/pam.d/login to fix it ? Where should I be looking for help ? Thanks very much Gavin Davenport -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _____________________________________________________________________ This e-mail and all attachments have been scanned by the HighSpeed Office virus scanning service powered by MessageLabs and no known viruses were detected. ______________________________________________________________________ Any views or opinions expressed in this e-mail are solely those of the author and do not necessarily represent those of ENDEMOL UK plc unless specifically stated. This email and the information it contains are confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error please notify us immediately and delete the copy you have received from your system. You should not copy it for any purpose, re-transmit it, use it or disclose its contents to any other person. If you suspect the message may have been intercepted or amended please call the sender. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
