Mike Ely wrote:
| Basic problem is that domain users can't successfully log
| into the linux box. I'm trying to set this box up as
| an ltsp server authenticating against our existing AD
...
| [libdefaults]
| default_realm = LTSP.FOO.BAR
| dns_lookup_realm = false
| dns_lookup_kdc = true
Did you enable the DNS lookup during compile? If so then you can get rid of the [realms] section below.
|
| [realms]
| LTSP.FOO.BAR = { ...
| I can successfully join the domain using "net ads join -U username" and
| all that. Net ads info looks right, and smbd, nmbd, and winbindd start
| up successfully at boot (although winbindd shows up twice when I do "ps
| -ae | grep winbindd").
winbindd should show up twice by default (in 3.0).
| kinit [EMAIL PROTECTED] works as it should, I think. I get
| prompted for a password, and then klist shows the ticket, although the
| following also shows up with klist
|
| Kerberos 4 ticket cache: /tmp/tkt0
| klist: You have no tickets cached
That's fine as well.
| wbinfo -u shows all my top-level users, and wbinfo shows all my
| top-level groups - anyone in a secondary OU is not visible to wbinfo -
| problem 1.
How are the users/groups laid out in AD?
| Now, as root, I can change users to any domain user I want to without
| entering a password, using, for example:
| su LTSP+fred
| and "whoami" returns the correct value. However, if I log in as a local
| non-root account and try the same thing, or if I attempt to connect
| remotely using "ssh -l LTSP+fred" I get a failed password error even
| though I'm using a known-good password for that account. BIG problem #2.
Have you set up pam_winbind.so?
| I'm sure there's something simple that needs to be changed and all will
| suddenly Just Work. Once that happens, perhaps someone could answer
| this: how do I automatically map the home directory of a domain user to
| their AD-defined home directory (//ltsp-fs1/staff/fred <-->
| /home/LTSP/fred, for example)? I want to have no local storage for
| domain users on the linux box.
See pam_mount.so and smbfs (or patches for the newer cifsvfs).
cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard ------------------------- http://www.hp.com
~ SAMBA Team ---------------------- http://www.samba.org
~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
~ "You can never go home again, Oatman, but I guess you can shop there."
~ --John Cusack - "Grosse Point Blank" (1997)
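
One way to check the pam_winbind.so question raised in the reply for each PAM service, as an added example that is not part of the original message. It follows `include`, `substack`, `@include` and `pam_stack.so service=` references; the helper names (`pam_modules`, `check_winbind`, `load_dir`), the service names and the sample file contents are constructed assumptions.

```python
from pathlib import Path

def pam_modules(files, service, kind, seen=None):
    """Modules used for `kind` (auth, account, ...) by a service, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:      # include loop or missing file
        return []
    seen.add(service)
    mods = []
    for raw in files[service].splitlines():
        f = raw.split("#", 1)[0].split()             # strip comments, tokenize
        if len(f) > 1 and f[0] == "@include":        # Debian-style whole-file include
            mods += pam_modules(files, f[1], kind, seen)
        if len(f) < 3 or f[0].lstrip("-") != kind:
            continue
        if f[1] in ("include", "substack"):
            mods += pam_modules(files, f[2], kind, seen)
            continue
        i = 1                                        # last token of the control field
        while f[1].startswith("[") and i < len(f) - 1 and not f[i].endswith("]"):
            i += 1                                   # skip over [success=ok default=...]
        if i + 1 >= len(f):
            continue
        module = f[i + 1].rsplit("/", 1)[-1]         # drop any directory prefix
        mods.append(module)
        for arg in (f[i + 2:] if module == "pam_stack.so" else []):
            if arg.startswith("service="):           # older Red Hat style stacking
                mods += pam_modules(files, arg[8:], kind, seen)
    return mods

def check_winbind(files, services):
    """service -> {kind: True if pam_winbind.so is reachable in that stack}."""
    return {s: {k: "pam_winbind.so" in pam_modules(files, s, k)
                for k in ("auth", "account")} for s in services}

def load_dir(pam_dir="/etc/pam.d"):
    """Read a PAM configuration directory into a {filename: text} dict."""
    return {p.name: p.read_text(errors="replace") for p in Path(pam_dir).iterdir() if p.is_file()}

SAMPLE = {  # constructed files for an offline run, not taken from the thread
    "system-auth": "auth sufficient pam_winbind.so\naccount [success=ok default=ignore] pam_winbind.so\n",
    "login": "auth include system-auth\naccount include system-auth\n",
    "sshd": "auth required pam_unix.so  # no winbind here\naccount required pam_unix.so\n",
    "su": "auth sufficient pam_rootok.so\nauth required /lib/security/pam_stack.so service=system-auth\n",
}

if __name__ == "__main__":
    print(check_winbind(SAMPLE, ["login", "sshd", "su"]))
```

On a real host, pass `load_dir()` instead of `SAMPLE`; a service that reports `False` for `auth` never offers the password to winbind.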