LinuxQuestions.org


irreverentryan 05-14-2013 07:44 AM

Cannot update ICEauthority, winbind, samba.
 
I have recently set up a server to act as a samba share, with active directory authentication. wbinfo -g returns all AD groups, and wbinfo -u returns all AD users. I am able to log in interactively with my network admin account, but not with any other network admin's account. I can log into my domain user account, but I cannot create the home directory. I have added session required mkhomedir.so to my PAM config, but something still is not right. I've posted PAM, nsswitch, and samba config files below.
=====================================================================
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so

session required pam_mkhomedir.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
session optional pam_winbind.so use_first_pass
=====================================================================
#/etc/samba/smb.conf
#======================= Global Settings =====================================

[global]

workgroup = MMC
server string = Samba Server Version %v

netbios name = MMC-PS02

# --------------------------- Logging Options -----------------------------

log level = 3
log file = /var/log/samba/%m.log
max log size = 50

# ----------------------- Domain Members Options ------------------------
#
security = ADS
realm = MMC.DOMAIN
encrypt passwords = yes

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

# allow trusted domains = Yes
# server signing = mandatory
# client signing = mandatory
# client use spnego = Yes
# ntlm auth = Yes
# lanman auth = No



# ----------------------- Browser Control Options ----------------------------
preferred master = no

# --------------------------- Printing Options -----------------------------

load printers = yes

printcap name = /etc/printcap


#============================ Share Definitions ==============================

[homes]
comment = Home Directories
valid users = %S
browseable = no
writable = yes

#[test]
# available = yes
# comment = Test Share
# path = /var/www/test
# writeable = yes
# browseable = yes
# invalid users = root
# create mask = 0660
# directory mask = 0770
# valid users = @DOMAIN+Group-Name
=====================================================================
#
# /etc/nsswitch.conf
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far



passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

irreverentryan 05-14-2013 11:40 AM

Alright, I was able to:
chown root:1100 (domain users) /path/to/dir
chmod 2775 /path/to/dir

I can now log in and create a home directory. The only thing wrong now is that my users can browse through each other's folders. I know I can manually change this, but is there a way to automate permissions so that only the root and owning user can browse their home directory?

Thanks!
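
Added example, not part of the original post: pam_mkhomedir takes a `umask=` option (documented default 0022), so `session required pam_mkhomedir.so umask=0077` creates new home directories owner-only. The POSIX shell functions below find and tighten directories that already exist under the shared parent; the function names and the `/path/to/dir` argument are illustrative assumptions.

```shell
#!/bin/sh
# Audit and tighten per-user home directories under a shared parent
# (for example the setgid 2775 parent described in the post above).
# For directories created from now on, the PAM line would be:
#   session required pam_mkhomedir.so umask=0077

# list_exposed_homes BASE
# Print every directory directly under BASE whose mode grants any
# read, write or execute permission to group or other.
list_exposed_homes() {
    base=$1
    for d in "$base"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        d=${d%/}
        [ -L "$d" ] && continue          # never follow symlinked homes
        # Characters 5-10 of the ls mode string are the group and other
        # triads. Lowercase s/t mean "execute plus setgid/sticky";
        # uppercase S/T mean the special bit without execute, which
        # grants no access, so only r, w, x, s, t count as exposure.
        bits=$(ls -ld "$d" | cut -c5-10)
        case $bits in
            *[rwxst]*) printf '%s\n' "$d" ;;
        esac
    done
}

# lock_exposed_homes BASE
# Remove group/other access from every directory the audit reports.
# Symbolic go-rwx is used instead of "chmod 700" so the result does
# not depend on how chmod treats a setgid bit inherited from BASE.
lock_exposed_homes() {
    list_exposed_homes "$1" | while IFS= read -r d; do
        chmod go-rwx "$d"
    done
}

# Typical use, as root (path is a placeholder):
#   list_exposed_homes /path/to/dir     # review first
#   lock_exposed_homes /path/to/dir     # then tighten
```

root still reaches every directory regardless of mode, so owner-only permissions give exactly the "root and owning user" access asked about.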

irreverentryan 05-14-2013 12:20 PM

I am also getting the following error still:

There is a problem with the configuration server.
(/usr/libexec/gconf-sanity-check-2 exited with a status of 256)

