RE: Windows Domain Authentication
--- "Marcus Deluigi (intern)" <[EMAIL PROTECTED]> wrote: > > What server OS? NT4? 2000? 2003? > > > > I have a debian X terminal server authenticating > from an NT domain. > > > > Do you have the default domain for winbind set in > smb.conf > > (iuse default domain) or are you remembering to > enter your > > username as domain\username...? > > The server OS is 2003. > I should be able to make a ssh-session and locale > console login with > just the Windows Domain user name. > At least, that was possible with my old setup. > I did not even have to change /etc/pam.d/ssh, since > it includes > common-auth, common-account and common-session. > I don't have an X-Server installed. > > My smb.conf looks like this: > --- > [global] > netbios name = bilinux2 > #workgroup = WICRESOFT > realm = WICRESOFT.COM > security = ads > password server = ws-dc-01 ws-dc-02 > encrypt passwords = yes > windind use default domain = yes *** Is this last line a typo? *** windind > winbind -- Matt ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: Windows Domain Authentication
> > Is anybody using the Windows Domain Authentication for his Debian > > Machine? > > > > I had it once working, but since I reinstalled the system, > I can't get > > it work. > > wbinfo -u > > and > > kinit > > works without errors, so I think krb5.conf and smb.conf are correct. > > > > However, I cannot login with the windows domain accounts, > so I guess > > pam.d must be misconfigured. > > But I chose the same configuration as the last time: > > > > /etc/pam.d/common-account: > > > > account required /lib/security/pam_winbind.so > > > > > > /etc/pam.d/common-auth > > > > auth sufficient pam_winbind.so > > auth required pam_unix.so nullok_secure use_first_pass > > > > > > /etc/pam.d/common-password > > > > password required pam_unix.so nullok obscure > > min=4 max=50 md5 > > > > > > /etc/pam.d/common-session > > > > session required pam_unix.so > > session optional pam_mkhomedir.so umask=0077 > >skel=/etc/skel/ > > > > > > /etc/pam.d/login > > > > auth requisite pam_securetty.so > > > > auth requisite pam_nologin.so > > > > auth required pam_env.so > > > > @include common-auth > > @include common-account > > @include common-session > > > > sessionrequired pam_limits.so > > sessionoptional pam_lastlog.so > > sessionoptional pam_motd.so > > > > sessionoptional pam_mail.so standard noenv > > @include common-password > > > > > > What server OS? NT4? 2000? 2003? > > I have a debian X terminal server authenticating from an NT domain. > > Do you have the default domain for winbind set in smb.conf > (iuse default domain) or are you remembering to enter your > username as domain\username...? The server OS is 2003. I should be able to make a ssh-session and locale console login with just the Windows Domain user name. At least, that was possible with my old setup. I did not even have to change /etc/pam.d/ssh, since it includes common-auth, common-account and common-session. I don't have an X-Server installed. My smb.conf looks like this: --- [global] netbios name = bilinux2 #workgroup = WICRESOFT realm = WICRESOFT.COM security = ads password server = ws-dc-01 ws-dc-02 encrypt passwords = yes windind use default domain = yes winbind separator = \\ idmap uid = 1000-2000 idmap gid = 1000-2000 winbind enum users = yes winbind enum groups = yes template homedir = home/winnt/%U template shell = /bin/bash [public] path = /var/winnt writeable = yes locking = no --- testparm complains, since it does not recognize the '\\' escaping, but the last time I figured out, that shared folder only work with this seperator. I guess the configuration should be ok, since 'wbinfo -u' works. /etc/nsswitch.conf looks like this: --- passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files dns wins networks: files dns protocols: db files services: db files ethers: db files rpc:db files netgroup: nis ---
Re: Windows Domain Authentication
--- "Marcus Deluigi (intern)" <[EMAIL PROTECTED]> wrote: > > Hi! > > Is anybody using the Windows Domain Authentication > for his Debian > Machine? > > I had it once working, but since I reinstalled the > system, I can't get > it work. > wbinfo -u > and > kinit > works without errors, so I think krb5.conf and > smb.conf are correct. > > However, I cannot login with the windows domain > accounts, so I guess > pam.d must be misconfigured. > But I chose the same configuration as the last time: > > /etc/pam.d/common-account: > > account required /lib/security/pam_winbind.so > > > /etc/pam.d/common-auth > > auth sufficient pam_winbind.so > auth required pam_unix.so nullok_secure > use_first_pass > > > /etc/pam.d/common-password > > password required pam_unix.so nullok obscure > min=4 max=50 md5 > > > /etc/pam.d/common-session > > session required pam_unix.so > session optional pam_mkhomedir.so umask=0077 >skel=/etc/skel/ > > > /etc/pam.d/login > > auth requisite pam_securetty.so > > auth requisite pam_nologin.so > > auth required pam_env.so > > @include common-auth > @include common-account > @include common-session > > sessionrequired pam_limits.so > sessionoptional pam_lastlog.so > sessionoptional pam_motd.so > > sessionoptional pam_mail.so standard noenv > @include common-password > > What server OS? NT4? 2000? 2003? I have a debian X terminal server authenticating from an NT domain. Do you have the default domain for winbind set in smb.conf (iuse default domain) or are you remembering to enter your username as domain\username...? -- Matt ___ Yahoo! Model Search 2005 - Find the next catwalk superstars - http://uk.news.yahoo.com/hot/model-search/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]