LinuxQuestions.org
Old 06-02-2008, 04:58 PM   #1
zoltrix
Member
 
Registered: Oct 2004
Distribution: Fedora 11, Ubuntu 9.04, RHEL 4,5 ,Centos 5.1
Posts: 45

Rep: Reputation: 15
WinBind Problems, users cannot login


Hi all

I am trying to get Windows AD logins to work with Fedora 8/9 Linux. I had the same setup working well with Fedora 7, but with Fedora 8/9 the problem is that whenever I do "getent passwd 'username'" the login shell is listed as /bin/false and users cannot log in, even though I have set it to use /bin/bash in the smb.conf configuration file. Also, I have made the necessary changes to the krb.conf, krb.realms and krb5.conf files for Kerberos configuration and obtained the tickets using "kinit". "klist" shows that I have the tickets. So can anyone please guide me as to how to get rid of "/bin/false" as the login shell?
 
Old 06-04-2008, 05:31 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
You might want to check your /etc/nsswitch.conf file. Compare it with a backup of the old system. Is winbind listed before files? Also, is the winbind daemon running? If not, /etc/passwd will be used as a fallback, and that sounds like what you would see running getent. Also make sure libnss_winbind.so is installed.

You may have the documentation on your system for this:
file:///usr/share/doc/samba-<version>/htmldocs/Samba3-HOWTO/winbind.html

Last edited by jschiwal; 06-04-2008 at 05:32 AM.
 
Old 06-04-2008, 01:14 PM   #3
zoltrix
Member
 
Registered: Oct 2004
Distribution: Fedora 11, Ubuntu 9.04, RHEL 4,5 ,Centos 5.1
Posts: 45

Original Poster
Rep: Reputation: 15
Hi,
I checked nsswitch.conf, I wrote "winbind" before "files" and still it's the same, I get /bin/false. The strange thing is, I have enabled pam_mkhomedir.so, so if I try my Windows AD login by doing "su username", it shows messages about creating the home directory, and gets me back to my local user prompt, due to no login shell. Also, if I input the wrong password, it says wrong password. So authentication seems to be working fine.

For more info, here is the output of getent:

admin:*:16777216:16777216:admin:/home/ASURITE/admin:/bin/false

The library libnss_winbind.so is present and winbind is running too!
 
Old 06-04-2008, 07:26 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Since you are creating a home directory for the user, use "/bin/sh" or "/bin/bash" instead of /bin/false. In this situation, /bin/false shouldn't be in the /etc/passwd field. If there is a "shell" entry in the Windows record for this account (I haven't used AD so I'm not familiar with its LDAP entries) then check if /bin/false is used there as well. There may be a Samba script that replicates the LDAP account values in /etc/passwd. Be sure to study the "one liners" that are in your smb.conf file. I wonder if it has to do with this being a user named "admin". Perhaps you should create an account using a regular user name who is a member of the "Network Administrator" group. I think that admin might be aliased to "root" and so this account is considered a system account that a user should not log in as. However, AFAIK, it would be "administrator" that would be equivalent to "root". You could use "vipw" or "usermod" to change the entry in /etc/passwd.

The latest edition of "Using Samba" in the book stores deals with configuring Samba to work with Active Directory. It also recommends which Windows tool works best to do things like add user accounts & join Samba hosts. There is also a script or command given to set up the Linux <-> Windows account UIDs for a new system. After that, a Samba script should be doing that as each user is added or changes their password, etc. One-liner scripts in the smb.conf configuration handle this.

I use SuSE Linux and its YaST2 wizard works well configuring Samba & Pam to use Windows AD as the Logon authentication source. The regular /etc/passwd file is still used as a fall back. This allows a user to login to their own computer even if they aren't connected to the Windows network. They won't be able to use the windows network in this case, but they can access their home directory on the computer. This is most likely needed if you use a Linux laptop in a Windows network that you also take home or use in the field.

Fedora may have a similar wizard.

Good Luck!

--
PS. IMHO, I've learned more about Windows networking reading Samba documentation than I knew as a Windows user.

Back in the Windows 95/98 days when Microsoft and Samba worked together (at IBM's insistence) Microsoft would provide Samba with specifications on SMB and Samba would create a Samba test platform which Microsoft would use for debugging. Today, this cooperation isn't the case, and when MS released phony specs (that the NFS V4 programming team used to their own detriment) as a part of the EU anti-monopoly ruling, this got the EU judges a bit upset.

Last edited by jschiwal; 06-04-2008 at 07:33 PM.
 
Old 06-04-2008, 07:41 PM   #5
zoltrix
Member
 
Registered: Oct 2004
Distribution: Fedora 11, Ubuntu 9.04, RHEL 4,5 ,Centos 5.1
Posts: 45

Original Poster
Rep: Reputation: 15
That is my whole problem!!! I have set the shell to "/bin/bash" in smb.conf, still winbind wants to report the shell as /bin/false. And since it worked in Fedora 7, and it's working with RHEL 4 and CentOS 5.1 (samba ver 3.0.26b) on my other servers, I am certain the problem is with the Fedora 8/9 machines.

I have used the wizard in Fedora (authconfig-gtk) to configure winbind and there too I have chosen the login shell as /bin/bash (it reflects in the smb.conf file), still no joy!
 
Old 06-05-2008, 05:46 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I meant change the shell to /bin/bash in /etc/passwd.

Is this what you are referring to in smb.conf:
Code:
template homedir (G)
     When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the
     home directory for that user. If the string %D is present it is substituted with the user's Windows NT domain name. If the
     string %U is present it is substituted with the user's Windows NT user name.

     Default: template homedir = /home/%D/%U

template shell (G)
     When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the
     login shell for that user.

I wonder if an entry in /etc/passwd takes precedence. For example, are these used for a new user that doesn't exist in /etc/passwd to create an entry; or when a user's credentials are changed?

Last edited by jschiwal; 06-05-2008 at 05:53 AM.
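
The checks discussed in the posts above, gathered into one script; this is an added example, not code from any poster in the thread. It compares the `template shell` set in smb.conf with the shell that `getent passwd` returns, and shows the NSS lookup order and whether a local passwd entry exists for the same name. The function names are hypothetical, the file paths are passed in as arguments, and the sample files are constructed to mirror the thread.

```shell
#!/bin/sh
# Print the sources on the "passwd:" line of an nsswitch.conf, in lookup order.
nss_passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print "template shell" from [global] in an smb.conf (last occurrence is used).
# Samba ignores case and whitespace in parameter names, so normalise the name.
template_shell() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g { name = tolower($1); gsub(/[ \t]/, "", name)
            if (name == "templateshell") { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { if (val != "") print val }' "$1"
}

# Print the login shell (7th field) of a getent passwd line read from stdin.
shell_field() { awk -F: '{ print $7; exit }'; }

# $1 = getent passwd line, $2 = smb.conf, $3 = nsswitch.conf, $4 = local passwd
# Returns 0 only when the shell NSS returned equals the configured template shell.
check_shell() {
    user=${1%%:*}
    got=$(printf '%s\n' "$1" | shell_field)
    want=$(template_shell "$2")
    echo "nss order : $(nss_passwd_sources "$3")"
    echo "template  : ${want:-<not set>}"
    echo "returned  : $got"
    if grep -q "^$user:" "$4"; then
        echo "note      : $user also exists in the local passwd file"
    fi
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Constructed sample files mirroring the thread (not the poster's real configs).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'passwd:     winbind files\n' > "$tmp/nsswitch.conf"
printf '[global]\n   template homedir = /home/%%D/%%U\n   Template Shell = /bin/bash\n' \
    > "$tmp/smb.conf"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$tmp/passwd"
line='admin:*:16777216:16777216:admin:/home/ASURITE/admin:/bin/false'

check_shell "$line" "$tmp/smb.conf" "$tmp/nsswitch.conf" "$tmp/passwd" \
    || echo "result    : returned shell does not match template shell"
```

On a real host the equivalent call would be `check_shell "$(getent passwd admin)" /etc/samba/smb.conf /etc/nsswitch.conf /etc/passwd`, assuming smb.conf lives at that path.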
 
Old 06-05-2008, 07:54 AM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Please ignore. Double posted by mistake.
 
  

