-   Linux - Server (
-   -   Cannot update ICEauthority, winbind, samba. (

irreverentryan 05-14-2013 07:44 AM

Cannot update ICEauthority, winbind, samba.
I have recently setup a server to act as a samba share, with active directory authentication. wbinfo -g returns all AD groups, and wbinfo -u returns all AD users. I am able to login interactively with my network admin account, but not with any other network admin's account. I can log into my domain user account, but I cannot create the home directory. I have added session required to my PAM config, but something still is not right. I've posted PAM, nsswitch, and samba config files below.
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth sufficient use_first_pass
auth sufficient use_first_pass
auth required

account required broken_shadow
account sufficient
account sufficient uid < 500 quiet
account [default=bad success=ok user_unknown=ignore]
account [default=bad success=ok user_unknown=ignore]
account sufficient use_first_pass
account required

password requisite try_first_pass retry=3 type=
password sufficient sha512 shadow nullok try_first_pass use_authtok
password sufficient use_authtok
password sufficient use_first_pass
password required

session required
session optional revoke
session required
session [success=1 default=ignore] service in crond quiet use_uid
session required
session optional
session optional use_first_pass
#======================= Global Settings =====================================


workgroup = MMC
server string = Samba Server Version %v

netbios name = MMC-PS02

# --------------------------- Logging Options -----------------------------

log level = 3
log file = /var/log/samba/%m.log
max log size = 50

# ----------------------- Domain Members Options ------------------------
security = ADS
realm = MMC.DOMAIN
encrypt passwords = yes

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

# allow trusted domains = Yes
# server signing = mandatory
# client signing = mandatory
# client use spnego = Yes
# ntlm auth = Yes
# lanman auth = No

# ----------------------- Browser Control Options ----------------------------
preferred master = no

# --------------------------- Printing Options -----------------------------

load printers = yes

printcap name = /etc/printcap

#============================ Share Definitions ==============================

comment = Home Directories
valid users = %S
browseable = no
writable = yes

# available = yes
# comment = Test Share
# path = /var/www/test
# writeable = yes
# browseable = yes
# invalid users = root
# create mask = 0660
# directory mask = 0770
# valid users = @DOMAIN+Group-Name
# /etc/nsswitch.conf
# Valid entries include:
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far

passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

irreverentryan 05-14-2013 11:40 AM

Alright, I was able to:
chown root:1100 (domain users) /path/to/dir
chmod 2775 /path/to/dir

I can now log in and create a home directory. The only thing wrong now is that my users can browse through each other's folders. I know I can manually change this, but is there a way to automate permissions so that only the root and owning user can browse their home directory?


irreverentryan 05-14-2013 12:20 PM

I am also getting the following error still:

There is a problem with the configuration server.
(/usr/libexec/gconf-santiy-check-2 exited with a status of 256)

All times are GMT -5. The time now is 04:50 PM.