[WBEL-users] samba and AD
Rodrigo Cortes
rcortes@placevendome.cl
Thu, 13 Jan 2005 16:05:10 -0300
Have you one conf for all? krb5? smb?
Sorry but I have #$#% jejeje
-----Original Message-----
From: whitebox-users-admin@beau.org [mailto:whitebox-users-admin@beau.org]
On behalf of Toby Bluhm
Sent: Thursday, January 13, 2005 15:23
To: Whitebox-users@beau.org
Subject: RE: [WBEL-users] samba and AD
---- Rodrigo Cortes <rcortes@placevendome.cl> wrote:
> Well. In the doc, with winbind and samba and AD it is possible to auth
> telnet and ftp. The doc says this, but it doesn't work.
>
I was able to get a stock wb3 box with current updates (at the time, ~2
months ago) to allow AD account login with console, ssh, ftp, telnet. The
pam setup was the key.
You need to have your smb.conf, krb5.conf, krb.realms, nsswitch.conf
set up right and you've joined the box to AD, a share works - this all
needs to be happy before trying the pam edits.
Note the message about using authconfig - it will mess with your pam
setup & nsswitch.conf.
I first ran authconfig to set up the box to authenticate with nis. If you
use only local accounts, I see at least one line in system-auth that may
need to be different than what I have here. Then I made the manual edits
to the config files. Also, anytime during my testing that I made domain
type changes to smb.conf, I deleted *.tdb in /etc/samba,
/var/cache/samba, /var/cache/samba/printing and rejoined the wb3 box to
the domain.
YMMV
in /etc/pam.d
login:
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
sshd:
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth sufficient pam_winbind.so
account required pam_stack.so service=system-auth
account sufficient pam_winbind.so
password required pam_stack.so service=system-auth
password sufficient pam_winbind.so
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_winbind.so
-Toby
_______________________________________________
Whitebox-users mailing list
Whitebox-users@beau.org
http://beau.org/mailman/listinfo/whitebox-users
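
Added example, not part of the original message or of Samba/PAM itself: a simplified model of PAM's required/requisite/sufficient control flags, run over the `login` auth stack quoted above, to show which modules are still consulted once a `sufficient` module succeeds. The function names and the set of "succeeding" modules are assumptions constructed for illustration.

```python
# Added example: simplified model of PAM's basic control flags.
# LOGIN_AUTH is the auth stack of the `login` service from the message above.
LOGIN_AUTH = """\
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
"""

def parse(text, group="auth"):
    """Return [(control, module)] for one management group."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == group:
            rules.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return rules

def evaluate(rules, succeeds):
    """Walk the stack. `succeeds` is the set of modules assumed to return
    success (a constructed scenario). Returns (granted, consulted)."""
    consulted, failed, passed = [], False, False
    for control, module in rules:
        consulted.append(module)
        ok = module in succeeds
        if control in ("required", "requisite"):
            passed, failed = passed or ok, failed or not ok
            if control == "requisite" and not ok:
                return False, consulted      # requisite failure stops at once
        elif control == "sufficient" and ok and not failed:
            return True, consulted           # later modules are never called
    return passed and not failed, consulted

def bypassable(rules):
    """Map each `sufficient` module to the required/requisite modules that
    follow it and are skipped whenever that module succeeds."""
    out = {}
    for i, (control, module) in enumerate(rules):
        later = [m for c, m in rules[i + 1:] if c in ("required", "requisite")]
        if control == "sufficient" and later:
            out[module] = later
    return out

if __name__ == "__main__":
    rules = parse(LOGIN_AUTH)
    # Constructed scenario: an AD user whose password winbind accepts.
    print(evaluate(rules, {"pam_securetty.so", "pam_winbind.so"}))
    print(bypassable(rules))
```

In the `login` stack a winbind success returns before pam_nologin.so is reached; in the `sshd` stack from the same message pam_nologin.so sits above the `sufficient` line, so it is always consulted there.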