Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 05-14-2013, 07:44 AM   #1
Registered: Jan 2013
Posts: 32

Rep: Reputation: Disabled
Question Cannot update ICEauthority, winbind, samba.

I have recently setup a server to act as a samba share, with active directory authentication. wbinfo -g returns all AD groups, and wbinfo -u returns all AD users. I am able to login interactively with my network admin account, but not with any other network admin's account. I can log into my domain user account, but I cannot create the home directory. I have added session required to my PAM config, but something still is not right. I've posted PAM, nsswitch, and samba config files below.
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth sufficient use_first_pass
auth sufficient use_first_pass
auth required

account required broken_shadow
account sufficient
account sufficient uid < 500 quiet
account [default=bad success=ok user_unknown=ignore]
account [default=bad success=ok user_unknown=ignore]
account sufficient use_first_pass
account required

password requisite try_first_pass retry=3 type=
password sufficient sha512 shadow nullok try_first_pass use_authtok
password sufficient use_authtok
password sufficient use_first_pass
password required

session required
session optional revoke
session required
session [success=1 default=ignore] service in crond quiet use_uid
session required
session optional
session optional use_first_pass
#======================= Global Settings =====================================


workgroup = MMC
server string = Samba Server Version %v

netbios name = MMC-PS02

# --------------------------- Logging Options -----------------------------

log level = 3
log file = /var/log/samba/%m.log
max log size = 50

# ----------------------- Domain Members Options ------------------------
security = ADS
realm = MMC.DOMAIN
encrypt passwords = yes

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

# allow trusted domains = Yes
# server signing = mandatory
# client signing = mandatory
# client use spnego = Yes
# ntlm auth = Yes
# lanman auth = No

# ----------------------- Browser Control Options ----------------------------
preferred master = no

# --------------------------- Printing Options -----------------------------

load printers = yes

printcap name = /etc/printcap

#============================ Share Definitions ==============================

comment = Home Directories
valid users = %S
browseable = no
writable = yes

# available = yes
# comment = Test Share
# path = /var/www/test
# writeable = yes
# browseable = yes
# invalid users = root
# create mask = 0660
# directory mask = 0770
# valid users = @DOMAIN+Group-Name
# /etc/nsswitch.conf
# Valid entries include:
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far

passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus
Old 05-14-2013, 11:40 AM   #2
Registered: Jan 2013
Posts: 32

Original Poster
Rep: Reputation: Disabled
Alright, I was able to:
chown root:1100 (domain users) /path/to/dir
chmod 2775 /path/to/dir

I can now log in and create a home directory. The only thing wrong now is that my users can browse through each other's folders. I know I can manually change this, but is there a way to automate permissions so that only the root and owning user can browse their home directory?

Old 05-14-2013, 12:20 PM   #3
Registered: Jan 2013
Posts: 32

Original Poster
Rep: Reputation: Disabled
I am also getting the following error still:

There is a problem with the configuration server.
(/usr/libexec/gconf-santiy-check-2 exited with a status of 256)


active directory, home directory, permissions, samba, winbind

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
could not update ICEauthority file /var/lib/gdm/.ICEauthority jkd Programming 0 06-04-2012 07:41 AM
could not update ICEauthority file /var/lib/gdm.ICEauthority ryzingsrinivas Linux - Newbie 6 04-18-2012 01:57 AM
Lucid: "Could not update ICEauthority file /home/kevin/.ICEauthority" 4dummies Ubuntu 5 01-11-2012 02:46 PM
could not update ICEauthority file /var/lib/gdm.ICEauthority ryzingsrinivas Linux - Newbie 5 12-07-2010 01:31 AM
[SOLVED] ICEauthority not update. gonvaro Linux - Newbie 2 12-01-2010 01:17 AM

All times are GMT -5. The time now is 05:54 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration