Cannot update ICEauthority, winbind, samba.
I have recently set up a server to act as a samba share, with active directory authentication. wbinfo -g returns all AD groups, and wbinfo -u returns all AD users. I am able to log in interactively with my network admin account, but not with any other network admin's account. I can log into my domain user account, but I cannot create the home directory. I have added session required mkhomedir.so to my PAM config, but something still is not right. I've posted PAM, nsswitch, and samba config files below.
=====================================================================
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so

session required pam_mkhomedir.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
session optional pam_winbind.so use_first_pass
=====================================================================
#/etc/samba/smb.conf
#======================= Global Settings =====================================
[global]
workgroup = MMC
server string = Samba Server Version %v
netbios name = MMC-PS02
# --------------------------- Logging Options -----------------------------
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
# ----------------------- Domain Members Options ------------------------
#
security = ADS
realm = MMC.DOMAIN
encrypt passwords = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash
# allow trusted domains = Yes
# server signing = mandatory
# client signing = mandatory
# client use spnego = Yes
# ntlm auth = Yes
# lanman auth = No
# ----------------------- Browser Control Options ----------------------------
preferred master = no
# --------------------------- Printing Options -----------------------------
load printers = yes
printcap name = /etc/printcap
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
valid users = %S
browseable = no
writable = yes
#[test]
# available = yes
# comment = Test Share
# path = /var/www/test
# writeable = yes
# browseable = yes
# invalid users = root
# create mask = 0660
# directory mask = 0770
# valid users = @DOMAIN+Group-Name
=====================================================================
#
# /etc/nsswitch.conf
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
Alright, I was able to:
chown root:1100 /path/to/dir    # 1100 = domain users
chmod 2775 /path/to/dir

I can now log in and create a home directory. The only thing wrong now is that my users can browse through each other's folders. I know I can manually change this, but is there a way to automate permissions so that only the root and owning user can browse their home directory? Thanks!
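An added example, not part of the original thread: a shell audit that lists home directories under the shared parent that are still readable by group or other, and tightens them to owner-only. The function names are hypothetical and /path/to/dir is the placeholder from the post; for homes created later, pam_mkhomedir's umask= option (for example umask=0077) sets the creation mask.

```shell
#!/bin/sh
# Added example: audit per-user home directories under a shared parent
# (the setgid 2775 directory from the post) and remove group/other access.

# Print each directory directly under $1 that grants any group/other access.
list_open_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue            # glob matched nothing
        d=${d%/}
        [ -L "$d" ] && continue            # skip symlinks, never follow them
        # Characters 5-10 of the mode string are the group and other bits,
        # e.g. "drwxr-sr-x" -> "r-sr-x"; owner-only is "------".
        perms=$(ls -ld "$d" | cut -c5-10)
        [ "$perms" = "------" ] || printf '%s\n' "$d"
    done
}

# Strip group/other access and the setgid bit inherited from the parent.
tighten_homes() {
    list_open_homes "$1" | while IFS= read -r d; do
        chmod g-s,go-rwx "$d" && printf 'tightened %s\n' "$d"
    done
}

# Usage (as root): list_open_homes /path/to/dir   then   tighten_homes /path/to/dir
```

Running list_open_homes first gives a dry-run view of what tighten_homes would change.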
I am also getting the following error still:
There is a problem with the configuration server. (/usr/libexec/gconf-sanity-check-2 exited with a status of 256)