On Wednesday 14 September 2005 11:11 am, you wrote: > I just wanted to make sure what I have currently is accurate for the > /etc/pam.d/login, which according to what you sent me and the HOWTO you > refered me to it is. > > For some reason I have still having problems. Would it matter if I had > a non-traditional active directory schema (was modified to include unix > services)? > > Dimitri Yioulos wrote: > >On Wednesday 14 September 2005 10:21 am, you wrote: > >>Could I get an example of the /etc/pam.d/login configuration for use > >>with winbind? > >> > >>Dimitri Yioulos wrote: > >>>On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote: > >>>>Jason Gerfen wrote: > >>>>>I am having a hard time getting Samba to authentication correctly > >>>>>against a Windows Active Directory setup. > >>>>> > >>>>> template shell = /bin/bash > >>>>> template homedir = /home/%D/%U > >>>>> > >>>>>I can run the net ads join command which works fine, but if I try to > >>>>>authentication without a local account I am recieving errors. Any > >>>>>assistance or pointers is appreciated. > >>>> > >>>>If you want to avoid the use of local accounts, you also need to > >>>>configure/use winbind and pam+nss_winbind > >>>> > >>>>-- Rex > >>> > >>>Rex is right. You need to configure resolv.conf, nsswitch.conf, and > >>>etc/pam.d/login. > >>> > >>>Dimitri > > > >Jason, > > > >I'll do it, but you really should read Samba-3 by Example. John H. and > >company have done an excellent job of documenting Samba configuration and > >use. It would be better to use the mailing list after that. > > > >That said: > > > >#%PAM-1.0 > >auth required pam_securetty.so > >auth sufficient pam_winbind.so > >auth sufficient pam_unix.so use_first_pass > >auth required pam_stack.so service=system-auth > >auth required pam_nologin.so > >account sufficient pam_winbind.so > >account required pam_stack.so service=system-auth > >password required pam_stack.so service=system-auth > >session required pam_stack.so service=system-auth > >session optional pam_console.so > > > >Dimitri
I don't particularly see that as being an issue. So, let's review: - Your smb.conf was changed to include/modify/etc. the directives mentioned in previous posts. Let me say here that I use the ip address in password server =. I'd also change realm = server.com to realm = SERVER.COM. I know these work for me, and we have 6 samba member servers working great in our AD scheme. - nsswitch.conf, resolv.conf, and /etc/pam.d/login are configured correctly. - krb5.conf is configured correctly. You might want to post your krb5.conf so we can have a look-see. When you start samba, do you also start the winbind daemon? Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba