LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-14-2013, 07:44 AM   #1
irreverentryan
Member
 
Registered: Jan 2013
Posts: 32

Rep: Reputation: Disabled
Question Cannot update ICEauthority, winbind, samba.


I have recently setup a server to act as a samba share, with active directory authentication. wbinfo -g returns all AD groups, and wbinfo -u returns all AD users. I am able to login interactively with my network admin account, but not with any other network admin's account. I can log into my domain user account, but I cannot create the home directory. I have added session required mkhomedir.so to my PAM config, but something still is not right. I've posted PAM, nsswitch, and samba config files below.
=====================================================================
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so

session required pam_mkhomedir.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
session optional pam_winbind.so use_first_pass
=====================================================================
#/etc/samba/smb.conf
#======================= Global Settings =====================================

[global]

workgroup = MMC
server string = Samba Server Version %v

netbios name = MMC-PS02

# --------------------------- Logging Options -----------------------------

log level = 3
log file = /var/log/samba/%m.log
max log size = 50

# ----------------------- Domain Members Options ------------------------
#
security = ADS
realm = MMC.DOMAIN
encrypt passwords = yes

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

# allow trusted domains = Yes
# server signing = mandatory
# client signing = mandatory
# client use spnego = Yes
# ntlm auth = Yes
# lanman auth = No



# ----------------------- Browser Control Options ----------------------------
preferred master = no

# --------------------------- Printing Options -----------------------------

load printers = yes

printcap name = /etc/printcap


#============================ Share Definitions ==============================

[homes]
comment = Home Directories
valid users = %S
browseable = no
writable = yes

#[test]
# available = yes
# comment = Test Share
# path = /var/www/test
# writeable = yes
# browseable = yes
# invalid users = root
# create mask = 0660
# directory mask = 0770
# valid users = @DOMAIN+Group-Name
=====================================================================
#
# /etc/nsswitch.conf
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far



passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus
 
Old 05-14-2013, 11:40 AM   #2
irreverentryan
Member
 
Registered: Jan 2013
Posts: 32

Original Poster
Rep: Reputation: Disabled
Alright, I was able to:
chown root:1100 (domain users) /path/to/dir
chmod 2775 /path/to/dir

I can now log in and create a home directory. The only thing wrong now is that my users can browse through each other's folders. I know I can manually change this, but is there a way to automate permissions so that only the root and owning user can browse their home directory?

Thanks!
 
Old 05-14-2013, 12:20 PM   #3
irreverentryan
Member
 
Registered: Jan 2013
Posts: 32

Original Poster
Rep: Reputation: Disabled
I am also getting the following error still:

There is a problem with the configuration server.
(/usr/libexec/gconf-santiy-check-2 exited with a status of 256)
 
  


Reply

Tags
active directory, home directory, permissions, samba, winbind


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
could not update ICEauthority file /var/lib/gdm/.ICEauthority jkd Programming 0 06-04-2012 07:41 AM
could not update ICEauthority file /var/lib/gdm.ICEauthority ryzingsrinivas Linux - Newbie 6 04-18-2012 01:57 AM
Lucid: "Could not update ICEauthority file /home/kevin/.ICEauthority" 4dummies Ubuntu 5 01-11-2012 02:46 PM
could not update ICEauthority file /var/lib/gdm.ICEauthority ryzingsrinivas Linux - Newbie 5 12-07-2010 01:31 AM
[SOLVED] ICEauthority not update. gonvaro Linux - Newbie 2 12-01-2010 01:17 AM


All times are GMT -5. The time now is 06:17 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration