[Samba] winbind configuration
Thanks for reply The SID of windows users and groups is same bacause both server are part of same Domain. The list of users wbinfo -u and groups wbinfo -g is same but the uid and gid is diffrent. Both server is window 2003 standard. The winbind configuration is as follows workgroup = ABP realm = ABP.DEL netbios name = abptest security = ADS allow trusted domains = yes idmap uid = 3000-3 idmap gid = 3000-3 template homedir = /home/%D/%U template shell = /bin/bash winbind cache time = 3600 winbind separator = + winbind nested groups = yes thanking you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind configuration
Hi list, Lets say there exists a Windows domain environment I would like to log on to from a Linux workstation using plain Windows domain accounts (no local account on any Linux workstation). Do I need a Samba server configured as a domain member _and_ do I have to configure all the workstations for winbind? Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: R: R: [Samba] Winbind configuration
I'm not quite sure what will be configured on the workstation and what on the samba server side, in such is even needed. Please clarify a bit:-) If I want authentication and using shares (file and print) in Windows box. Linuxes would be pure clients to Windows, not sharing any disks or printers through SMB. So there is no need for a samba server to be added as a domain member server? Isn't binding a station to a domain and id mapping done by the samba server? The join is done by the net join utility and id mapping is done by winbindd. Will there be any configuration for these ids or will winbind do it automatically? Is the configura Please have a look at Bug 3062 at bugzilla.samba.org there is also a nice howto in this entry. There was no such bug as I searched with the bug number for all bugs in all states. Of course if you want to authenticate... you must bind the unix station/server to the domain, or the unix will not be able to comunicate with ActiveDirectory authority and get confirmation of user identity (username and password) But if you just want authentication you do not need to share directories, or mount windows directory on the unix station the winbindDaemon (winbindd) will do the authentication job. and I like a lot the PAM modules... For authentication and using Windows shares, all my boxes (server and workstations) will need to be joined to domain (to be able to use the machine accounts), right? Do I still need a samba server to be a domain controller for the domain or is it enough to just use the Windows box for this purpose? Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind configuration
Hi list, Lets say there exists a Windows domain environment I would like to log on to from a Linux workstation using plain Windows domain accounts (no local account on any Linux workstation). Do I need a Samba server configured as a domain member _and_ do I have to configure all the workstations for winbind? Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind configuration
On Sun, 2007-05-06 at 17:14 +0300, Petteri Hakkarainen wrote: Hi list, Lets say there exists a Windows domain environment I would like to log on to from a Linux workstation using plain Windows domain accounts (no local account on any Linux workstation). Do I need a Samba server configured as a domain member _and_ do I have to configure all the workstations for winbind? For login you just need to use winbindd, you don't need smbd or nmbd running (unless you also want to use file sharing of course. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: R: [Samba] Winbind configuration
Lets say there exists a Windows domain environment I would like to log on to from a Linux workstation using plain Windows domain accounts (no local account on any Linux workstation). Do I need a Samba server configured as a domain member _and_ do I have to configure all the workstations for winbind? you need winbind and PAM. You need to install winbind (which is a Samba Module) onto every Linux station, bind them to the domain and configure PAM modules (I'd configure login ssh and SU) Samba is a lot of code. and Winbind is just one out of three modules. I don't think you need to run smbd or nmbd So there is no need for a samba server to be added as a domain member server? Isn't binding a station to a domain and id mapping done by the samba server? Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: R: R: [Samba] Winbind configuration
On Sun, 2007-05-06 at 20:45 +0300, Petteri Hakkarainen wrote: So there is no need for a samba server to be added as a domain member server? Isn't binding a station to a domain and id mapping done by the samba server? The join is done by the net join utility and id mapping is done by winbindd. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINBIND configuration and NT Authentication
Hallo Chris, this web page help me a lot and works perfect: http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_RH7.3.htm Regards, Gianluigi Di Vaio -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: FW: [Samba] WINBIND configuration and NT Authentication]
On Mon, 2002-11-18 at 08:46, Chris McKeever wrote: Thanks Mikko - pieced the 3 links you sent and got new configs... Well..I have successfully got the PAM files so NT users can login from the terminal as well as through the samba shares (no local users required), including using the NT groups to provide share level permissions. Now here is the next battle: 1. I can not access the shares using the linux local accounts -- recieve: the credentials supplied confilict with an exisitng set of credentials is this another PAM configuration problem? No, this is a windows client-side limitiation. You already have a connection to the server, and windows only allows one username per remote server at one time. 2. I can't configure the homes directory to be a default path (ie path = /home/userfile) -- recieve: the specified network password is not correct -- creating this as a standard [userfile] share with read only allowed works I'm not quite sure what you are trying to do here. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: [Samba] WINBIND configuration and NT Authentication]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 1 From: Chris McKeever [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [Samba] WINBIND configuration and NT Authentication] Date: Sun, 17 Nov 2002 09:54:51 -0600 Mikko..you hit the nail on the head with the PAM configuration... I will fiddle around with those sites to try to get i going (I already locked myself out once...wonderful!) When playing with pam, always keep a root login open until you are absolutely sure your config works. If any one has working pam config files that they could post or email, that would be great. You can find one in recent versions of samba (2.2.5 and later I think): packaging/Mandrake/system-auth-winbind.pamd This is what we use to replace /etc/pam.d/system-auth to do all authentication via winbind. In pam files that use pam_stack, you can also use 'service=system-auth-winbind' if you install this file as /etc/pam.d/system-auth-winbind and don't want to authenticate all services by winbind. Here is the file in webcvs: http://cvs.samba.org/cgi-bin/cvsweb/samba/packaging/Mandrake/system-auth-winbind.pamd?rev=1.2.2.1content-type=text/x-cvsweb-markup Does one need to restart a pam service after changes are made? If so..how? No. -Original Message- From: Mikko Rautiainen [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 3:56 AM To: Samba ML Subject: Re: [Samba] WINBIND configuration and NT Authentication] Hi, Yes it's possible to authenticate users from win 2000 server with winbind. For me the PAM configuration was the hardest part. I used mandrake 9 and it has a realy good pre config. And if you want to modify the folder/file permissions from NT/W2k PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby the ReiserFS 4 will have the ACL support. I have had dificulties with suse and samba. Like my suse8 home server needs a restart after 2 days and I don't know the reason why. I just lose the connection to the samba. So the winbind part was easy to make work in mandrake 9, just need to config smb.conf right and thats about it. In fact, if you do an expert installation of Mandrake 9.0, you can join the domain during installtion (choose Windows Domain as authentication method in the dialog where you enter your root password). Just enter your domain name in caps (small buglet, we don't capitalise the domain name before creating /home/%D). It will join the domain for you, configure pam etc. But, this sets up a very basic smb.conf (only for running winbind for authentication of other services). For real samba use, copy /etc/samba/smb-winbind.conf over /etc/samba/smb.conf and just set your workgroup again in the file, and you will get a more usual samba config. The PAM is a bit harder (to me at least). PAM is the key for the linux end to understand to use the winbind connection. If not correctly cinfigured it can't get the authentication from the Win NT/2k PDC. Here are some links that was helpful for me. http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) Hope these help Mikko Rautiainen - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92LEyrJK6UGDSBKcRAlsHAJ0fIX3/3YsDvP3W6BmRCaNKxJVfMgCgtu8i peiVXkGtLme5YGPpWbYc3K0= =xhf9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINBIND configuration and NT Authentication]
Hi, Yes it's possible to authenticate users from win 2000 server with winbind. For me the PAM configuration was the hardest part. I used mandrake 9 and it has a realy good pre config. And if you want to modify the folder/file permissions from NT/W2k PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby the ReiserFS 4 will have the ACL support. I have had dificulties with suse and samba. Like my suse8 home server needs a restart after 2 days and I don't know the reason why. I just lose the connection to the samba. So the winbind part was easy to make work in mandrake 9, just need to config smb.conf right and thats about it. The PAM is a bit harder (to me at least). PAM is the key for the linux end to understand to use the winbind connection. If not correctly cinfigured it can't get the authentication from the Win NT/2k PDC. Here are some links that was helpful for me. http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) Hope these help Mikko Rautiainen Chris McKeever wrote: Setup: Suse 7.2, Samba 2.2.6 Win 2K PDC Project: I would like to use winbind to authenticate users that do not have local accounts on the linux machine for access to various file and print shares. I have gotten winbind to successfully grab the user and groups from the NT box (verified by getent passwd). However, I have had little luck obtaining the permission based file share that I would like. Questions: 1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux? 2. Can you use NT groups in the smb.conf file to control access? 3. The documentation on winbind http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights (actual session login rights, not samba shares) to the linux machine. Is this true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly? 4. Does anyone know of further online winbind documentation? Thanks in advance... Chris McKeever -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WINBIND configuration and NT Authentication]
Mikko..you hit the nail on the head with the PAM configuration... I will fiddle around with those sites to try to get i going (I already locked myself out once...wonderful!) If any one has working pam config files that they could post or email, that would be great. Does one need to restart a pam service after changes are made? If so..how? -Original Message- From: Mikko Rautiainen [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 3:56 AM To: Samba ML Subject: Re: [Samba] WINBIND configuration and NT Authentication] Hi, Yes it's possible to authenticate users from win 2000 server with winbind. For me the PAM configuration was the hardest part. I used mandrake 9 and it has a realy good pre config. And if you want to modify the folder/file permissions from NT/W2k PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby the ReiserFS 4 will have the ACL support. I have had dificulties with suse and samba. Like my suse8 home server needs a restart after 2 days and I don't know the reason why. I just lose the connection to the samba. So the winbind part was easy to make work in mandrake 9, just need to config smb.conf right and thats about it. The PAM is a bit harder (to me at least). PAM is the key for the linux end to understand to use the winbind connection. If not correctly cinfigured it can't get the authentication from the Win NT/2k PDC. Here are some links that was helpful for me. http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) Hope these help Mikko Rautiainen Chris McKeever wrote: Setup: Suse 7.2, Samba 2.2.6 Win 2K PDC Project: I would like to use winbind to authenticate users that do not have local accounts on the linux machine for access to various file and print shares. I have gotten winbind to successfully grab the user and groups from the NT box (verified by getent passwd). However, I have had little luck obtaining the permission based file share that I would like. Questions: 1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux? 2. Can you use NT groups in the smb.conf file to control access? 3. The documentation on winbind http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights (actual session login rights, not samba shares) to the linux machine. Is this true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly? 4. Does anyone know of further online winbind documentation? Thanks in advance... Chris McKeever -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] WINBIND configuration and NT Authentication]
Thanks Mikko - pieced the 3 links you sent and got new configs... Well..I have successfully got the PAM files so NT users can login from the terminal as well as through the samba shares (no local users required), including using the NT groups to provide share level permissions. Now here is the next battle: 1. I can not access the shares using the linux local accounts -- recieve: the credentials supplied confilict with an exisitng set of credentials is this another PAM configuration problem? 2. I can't configure the homes directory to be a default path (ie path = /home/userfile) -- recieve: the specified network password is not correct -- creating this as a standard [userfile] share with read only allowed works any help would be appreciated -Original Message- From: Chris McKeever [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 9:55 AM To: '[EMAIL PROTECTED]' Subject: RE: [Samba] WINBIND configuration and NT Authentication] Mikko..you hit the nail on the head with the PAM configuration... I will fiddle around with those sites to try to get i going (I already locked myself out once...wonderful!) If any one has working pam config files that they could post or email, that would be great. Does one need to restart a pam service after changes are made? If so..how? -Original Message- From: Mikko Rautiainen [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 3:56 AM To: Samba ML Subject: Re: [Samba] WINBIND configuration and NT Authentication] Hi, Yes it's possible to authenticate users from win 2000 server with winbind. For me the PAM configuration was the hardest part. I used mandrake 9 and it has a realy good pre config. And if you want to modify the folder/file permissions from NT/W2k PDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby the ReiserFS 4 will have the ACL support. I have had dificulties with suse and samba. Like my suse8 home server needs a restart after 2 days and I don't know the reason why. I just lose the connection to the samba. So the winbind part was easy to make work in mandrake 9, just need to config smb.conf right and thats about it. The PAM is a bit harder (to me at least). PAM is the key for the linux end to understand to use the winbind connection. If not correctly cinfigured it can't get the authentication from the Win NT/2k PDC. Here are some links that was helpful for me. http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful) Hope these help Mikko Rautiainen Chris McKeever wrote: Setup: Suse 7.2, Samba 2.2.6 Win 2K PDC Project: I would like to use winbind to authenticate users that do not have local accounts on the linux machine for access to various file and print shares. I have gotten winbind to successfully grab the user and groups from the NT box (verified by getent passwd). However, I have had little luck obtaining the permission based file share that I would like. Questions: 1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux? 2. Can you use NT groups in the smb.conf file to control access? 3. The documentation on winbind http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights (actual session login rights, not samba shares) to the linux machine. Is this true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly? 4. Does anyone know of further online winbind documentation? Thanks in advance... Chris McKeever -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINBIND configuration and NT Authentication
I'll try to get the config files I have for you tomorrow, but they wont work in suse 7.2 They aply in madrake 9. I got locked out couple times too :) The most important pam files are samba, system-auth(-winbind), and login. Mikko Chris McKeever wrote: thanks for the reply..you got it with the pam configuration...would youhappen to have some working examples?? also, is there a way to restart PAMafter changes (say to the login and passwd files)Thanks for those links-Original Message-From: Mikko Rautiainen [mailto:[EMAIL PROTECTED]]Sent: Sunday, November 17, 2002 3:53 AMTo: Chris McKeeverSubject: Re: [Samba] WINBIND configuration and NT AuthenticationHi,Yes it's possible to authenticate users from win 2000 server with winbind. For methe PAM configuration was the hardest part. I used mandrake 9 and it has a realygood pre config. And if you want to modify the folder/file permissions from NT/W2kPDC then don't use ReiserFS as the filesystem. Use either EXT3 or XFS. Mayby theReiserFS 4 will have the ACL support.I have had dificulti es with suse and samba. Like my suse8 home server needs a restartafter 2 days and I don't know the reason why. I just lose the connection to the samba.So the winbind part was easy to make work in mandrake 9, just need to config smb.confright and thats about it. The PAM is a bit harder (to me at least). PAM is the key for thelinux end to understand to use the winbind connection. If not correctly cinfigured it can'tget the authentication from the Win NT/2k PDC.Here are some links that was helpful for me.http://archives.neohapsis.com/archives/pam-list/2001-10/0038.htmlhttp://ma.ph-freiburg.de/tng/tng-users/2001-06/msg00025.htmlhttp://www.samba.org/samba/docs/Samba-HOWTO-Collection.html (very helpful)Hope these helpMikko RautiainenChris McKeever wrote: Setup: Suse 7.2, Samba 2.2.6 Win 2K PDCProject:I would like to use winbind to authenticate users that do not have localaccounts on the linux machine for access to various file and print shares.I have gotten winbind to successfully grab the user and groups from the NTbox (verified by getent passwd). However, I have had little luck obtainingthe permission based file share that I would like.Questions:1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux?2. Can you use NT groups in the smb.conf file to control access?3. The documentation on winbindhttp://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights(actual session login rights, not samba shares) to the linux machine. Isthis true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly?4. Does anyone know of further online winbind documentation?Thanks in advance...Chris McKeever
[Samba] WINBIND configuration and NT Authentication
Setup: Suse 7.2, Samba 2.2.6 Win 2K PDC Project: I would like to use winbind to authenticate users that do not have local accounts on the linux machine for access to various file and print shares. I have gotten winbind to successfully grab the user and groups from the NT box (verified by getent passwd). However, I have had little luck obtaining the permission based file share that I would like. Questions: 1. Do users accessing the share need local accounts? a. if so, is there a way to export users from win2k into linux? 2. Can you use NT groups in the smb.conf file to control access? 3. The documentation on winbind http://us2.samba.org/samba/docs/man/winbindd.8.html almost makes it sound as if it may be possible to authenticate NT users and grant them login rights (actual session login rights, not samba shares) to the linux machine. Is this true? If so is there additional configuration to achieve this assuming quesiton 1 has been answered and setup properly? 4. Does anyone know of further online winbind documentation? Thanks in advance... Chris McKeever -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba