RE: [Samba] Winbind and email server
OK, here's the samba module: #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_stack.so service=system-auth password required pam_stack.so service=system-auth and here's system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password required /usr/lib/security/pam_sso.so.1 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow #password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so If you need more, please let me know. Dimitri On Thursday March 30 2006 5:45 pm, Paul Matthews wrote: how about you post your pam module here, you might have it configured to require both local and winbind users instead of either or Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** * *** * *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: Dimitri Yioulos [mailto:[EMAIL PROTECTED] Sent: Friday, 31 March 2006 8:33 AM To: Paul Matthews Subject: Re: [Samba] Winbind and email server top-posting by necessity ... Hi, Paul. Alas, my nsswitch.conf is properly configured. Any other ideas? Dimitri On Thursday March 30 2006 5:12 pm, you wrote: well the problem i think your having is that you have not edited the /etc/nsswitch.conf file. change from passwd: files shadow: files group: files to: passwd: winbind files shadow: winbind files group: winbind files or something along those lines, play with the /etc/nsswitch.conf to find the right configuration for you. check out the post i've made on my website about how we use have setup my mail system, i think i've done it fairly well http://www.yourhowto.org/content/view/25/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** * *** * *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ]On Behalf Of Dimitri Yioulos Sent: Friday, 31 March 2006 1:53 AM To: samba@lists.samba.org Subject: [Samba] Winbind and email server Folks, Sincere apologies for asking this again, but I'm just not getting this to work, and must be missing something here: My company's network is based around a Windows 2003 server AD, with several RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works very well. I've set up, and have successfully been using a sendmail-based email system, too. My issue is this: When I create a user account in AD, I have to also create it in the mail server. This is inconvenient and inefficient. I have samba installed on the mail server. I also have the mkhomedir module installed, and the appropriate line to invoke
RE: [Samba] Winbind and email server]
okay, im far from a pam expert, but i don't see any mention of winbind there? It's my weekend at the moment so i can't get to my test box at work to show you my pam module using winbind, but maybe you should check out this page on my website, it's using ldap try and use this and replace any mention of ldap with winbind http://www.yourhowto.org/content/view/35/9/ or i have a how-to for authenticating against Active directories using LDAP http://www.yourhowto.org/content/view/34/9/ check it out, i'm sure that that wont need a local users as well, i'll be back at work on monday and can probably help you more, but give those two a go, see if anything comes from them OK, here's the samba module: #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_mkhomedir.so skel=/etc/skel umask=0022 sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth and here's system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 typepasswordrequired /usr/lib/security/pam_sso.so.1 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow #passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so If you need more, please let me know. Dimitri On Thursday March 30 2006 5:45 pm, Paul Matthews wrote: how about you post your pam module here, you might have it configured to require both local and winbind users instead of either or Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** * *** * *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: Dimitri Yioulos [mailto:[EMAIL PROTECTED] Sent: Friday, 31 March 2006 8:33 AM To: Paul Matthews Subject: Re: [Samba] Winbind and email server top-posting by necessity ... Hi, Paul. Alas, my nsswitch.conf is properly configured. Any other ideas? Dimitri On Thursday March 30 2006 5:12 pm, you wrote: well the problem i think your having is that you have not edited the /etc/nsswitch.conf file. change from passwd: files shadow: files group: files to: passwd: winbind files shadow: winbind files group: winbind files or something along those lines, play with the /etc/nsswitch.conf to find the right configuration for you. check out the post i've made on my website about how we use have setup my mail system, i think i've done it fairly well http://www.yourhowto.org/content/view/25/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** * *** * *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ]On Behalf Of Dimitri Yioulos Sent: Friday, 31 March 2006 1:53 AM To: samba@lists.samba.org Subject: [Samba] Winbind
[Samba] Winbind and email server
Folks, Sincere apologies for asking this again, but I'm just not getting this to work, and must be missing something here: My company's network is based around a Windows 2003 server AD, with several RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works very well. I've set up, and have successfully been using a sendmail-based email system, too. My issue is this: When I create a user account in AD, I have to also create it in the mail server. This is inconvenient and inefficient. I have samba installed on the mail server. I also have the mkhomedir module installed, and the appropriate line to invoke it is in the samba, pop, and smtp.sendmail config files under /etc/pam.d. My users are using the Outlook 2003 mail client. If I create a user in the email server, then Outlook has no problem connecting to the mail server using the user's credentials from the email server. But, if the user is only created in AD, then Outlook complains that the incoming pop server won't authenticate the user, despite the fact that winbind is fired up, wbinfo -u shows the user, and getent passwd shows the user's credentials. Arrrgh! IMHO, this is the one small thing that keeps this from being a really great system. Can anybody show me the way to get over the hump? Many thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind and email server
well the problem i think your having is that you have not edited the /etc/nsswitch.conf file. change from passwd: files shadow: files group: files to: passwd: winbind files shadow: winbind files group: winbind files or something along those lines, play with the /etc/nsswitch.conf to find the right configuration for you. check out the post i've made on my website about how we use have setup my mail system, i think i've done it fairly well http://www.yourhowto.org/content/view/25/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ]On Behalf Of Dimitri Yioulos Sent: Friday, 31 March 2006 1:53 AM To: samba@lists.samba.org Subject: [Samba] Winbind and email server Folks, Sincere apologies for asking this again, but I'm just not getting this to work, and must be missing something here: My company's network is based around a Windows 2003 server AD, with several RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works very well. I've set up, and have successfully been using a sendmail-based email system, too. My issue is this: When I create a user account in AD, I have to also create it in the mail server. This is inconvenient and inefficient. I have samba installed on the mail server. I also have the mkhomedir module installed, and the appropriate line to invoke it is in the samba, pop, and smtp.sendmail config files under /etc/pam.d. My users are using the Outlook 2003 mail client. If I create a user in the email server, then Outlook has no problem connecting to the mail server using the user's credentials from the email server. But, if the user is only created in AD, then Outlook complains that the incoming pop server won't authenticate the user, despite the fact that winbind is fired up, wbinfo -u shows the user, and getent passwd shows the user's credentials. Arrrgh! IMHO, this is the one small thing that keeps this from being a really great system. Can anybody show me the way to get over the hump? Many thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind and email server
how about you post your pam module here, you might have it configured to require both local and winbind users instead of either or Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: Dimitri Yioulos [mailto:[EMAIL PROTECTED] Sent: Friday, 31 March 2006 8:33 AM To: Paul Matthews Subject: Re: [Samba] Winbind and email server top-posting by necessity ... Hi, Paul. Alas, my nsswitch.conf is properly configured. Any other ideas? Dimitri On Thursday March 30 2006 5:12 pm, you wrote: well the problem i think your having is that you have not edited the /etc/nsswitch.conf file. change from passwd: files shadow: files group: files to: passwd: winbind files shadow: winbind files group: winbind files or something along those lines, play with the /etc/nsswitch.conf to find the right configuration for you. check out the post i've made on my website about how we use have setup my mail system, i think i've done it fairly well http://www.yourhowto.org/content/view/25/9/ Paul Matthews I.T Trainee | The Cathedral School Ph (07) 47222 194 | Fax (07) 47222 111 PO Box 944 Aitkenvale Q 4814 E: [EMAIL PROTECTED] W: www.cathedral.qld.edu.au Anglican coeducation | Day and Boarding | Early Childhood to Year 12 Educating for life-long success *** * *** * *** IMPORTANT NOTICE REGARDING CONFIDENTIALITY This electronic email message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or photocopying of this email is strictly prohibited. The confidentiality attached to this email is not waived, lost or destroyed by reasons of a mistaken delivery to you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ]On Behalf Of Dimitri Yioulos Sent: Friday, 31 March 2006 1:53 AM To: samba@lists.samba.org Subject: [Samba] Winbind and email server Folks, Sincere apologies for asking this again, but I'm just not getting this to work, and must be missing something here: My company's network is based around a Windows 2003 server AD, with several RHEL AS 3 boxes connected to it via samba (3.0.21c-1). This scheme works very well. I've set up, and have successfully been using a sendmail-based email system, too. My issue is this: When I create a user account in AD, I have to also create it in the mail server. This is inconvenient and inefficient. I have samba installed on the mail server. I also have the mkhomedir module installed, and the appropriate line to invoke it is in the samba, pop, and smtp.sendmail config files under /etc/pam.d. My users are using the Outlook 2003 mail client. If I create a user in the email server, then Outlook has no problem connecting to the mail server using the user's credentials from the email server. But, if the user is only created in AD, then Outlook complains that the incoming pop server won't authenticate the user, despite the fact that winbind is fired up, wbinfo -u shows the user, and getent passwd shows the user's credentials. Arrrgh! IMHO, this is the one small thing that keeps this from being a really great system. Can anybody show me the way to get over the hump? Many thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba