06-24-2004, 10:08 AM   #1
zcorpio
Problem with Winbind+PAM


Hi forum, I've run into a problem while evaluating Winbind+PAM.
I'm setting up a workstation with Fedora 2 to join a Microsoft domain that I have running. Here is a detailed description of the steps that I've taken:

-----------------------------------------8<-----------------------------------------

cat /etc/samba/smb.conf
#Domain Configuration:
workgroup = MY_DOMAIN
security = DOMAIN
password server = MY_PDC
os level = 33 (WIN_NT 4)
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = home/%D/%U
template shell = /bin/shell
etc............................

-----------------------------------------8<-----------------------------------------

cat /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind

-----------------------------------------8<-----------------------------------------

cat /etc/pam_smb.conf
MY_DOMAIN
MY_PDC
[BDC]

-----------------------------------------8<-----------------------------------------

net join (completed successfully)
[root@0002]# net join -W MY_DOMAIN -U MY_USER
my_users's password: **********
Joined domain MY_DOMAIN.

-----------------------------------------8<-----------------------------------------

WINBIND - wbinfo

[root@0002]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@0002]# wbinfo -u
domain+user1
domain+user2
domain+user3
etc................

[root@0002]# wbinfo -g
domain+group1
domain+group2
domain+group3
etc................

-----------------------------------------8<-----------------------------------------

[root@0002 /]# getent passwd
DOMAIN+USER1:x:10017:10000:NAME, SECONDNAME:home/DOMAIN/USER1:/bin/shell
DOMAIN+USER2:x:10018:10000:NAME, SECONDNAME:home/DOMAIN/USER2:/bin/shell
DOMAIN+USER3:x:10019:10000:NAME, SECONDNAME:home/DOMAIN/USER3:/bin/shell

[root@0002 /]# getent group
etc...................................

-----------------------------------------8<-----------------------------------------

I think that the PAM 1.0 configuration is correct, here are the details:

login:
auth required pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/scurity/pam_unix.so use_firts_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_selinux.so multiple
session required pam_stack.so service=system-auth
session optional pam_console.so

system-auth:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

-----------------------------------------8<-----------------------------------------

Having set up the previous configuration, I ran into the following problem:
Whenever I try to access any workstation already in the Microsoft Domain, I get a Nautilus error message window saying "Access denied or you don't have the necessary rights". The users that I'm using to access these workstations do have the correct user rights over the directories/workstations.

I suspect a PAM misconfiguration.

I hope you can help me with this issue. If you need me to post any other information that I may have forgotten, please ask.

Thanks in advance...
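
Added example, not part of the original post: a small linter for PAM service lines like the ones quoted above. It reports module paths outside the expected module directories and arguments missing from a per-module option list. The directory set and the partial option lists are assumptions for illustration; the sample lines are copied from the "login" stack in the post.

```python
import re

# Assumption: module directories for this system, taken from the paths in the post.
MODULE_DIRS = {"/lib/security", "/lib/security/$ISA"}

# Assumption: partial option lists covering the lines shown; extend from the man pages.
KNOWN_OPTS = {
    "pam_unix.so": {"nullok", "likeauth", "use_first_pass", "try_first_pass",
                    "use_authtok", "md5", "shadow", "debug", "audit"},
    "pam_winbind.so": {"use_first_pass", "try_first_pass", "use_authtok", "debug"},
}

# type, control (plain keyword or [bracketed] form), module path, optional arguments
LINE_RE = re.compile(
    r"^(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam(text):
    """Return a list of (line_no, message) findings for a PAM service file body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((no, "unparseable line"))
            continue
        _type, _control, module, args = m.groups()
        directory, _, name = module.rpartition("/")
        # Bare module names carry no directory and are skipped by this check.
        if directory and directory not in MODULE_DIRS:
            findings.append((no, f"module path outside expected directories: {module}"))
        known = KNOWN_OPTS.get(name)
        if known is not None:
            for arg in args.split():
                if arg.split("=", 1)[0] not in known:
                    findings.append((no, f"{name}: unrecognised option {arg!r}"))
    return findings

# Sample input: the first lines of the "login" stack quoted in the post.
SAMPLE = """\
auth required pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/scurity/pam_unix.so use_firts_pass
auth required pam_stack.so service=system-auth
account sufficient /lib/security/pam_winbind.so
"""

if __name__ == "__main__":
    for no, msg in lint_pam(SAMPLE):
        print(f"line {no}: {msg}")
```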
 
06-25-2004, 07:53 PM   #2
zcorpio
If anyone is interested:
https://bugzilla.redhat.com/bugzilla....cgi?id=123899
 
  


All times are GMT -5.
