Linux - Enterprise: This forum is for all items relating to using Linux in the Enterprise.
I am trying to get Windows AD logins to work with Fedora 8/9 Linux. I had the same setup working well with Fedora 7, but with Fedora 8/9 the problem is that whenever I do "getent passwd 'username'" the login shell is listed as /bin/false and users cannot log in, even though I have set it to use /bin/bash in the smb.conf configuration file. Also, I have made the necessary changes to the krb.conf, krb.realms and krb5.conf files for Kerberos configuration and obtained the tickets using "kinit". "klist" shows that I have the tickets. So can anyone please guide me as to how to get rid of "/bin/false" as the login shell?
You might want to check your /etc/nsswitch.conf file. Compare it with a backup of the old system. Is winbind listed before files? Also, is the winbind daemon running? If not, /etc/passwd will be used as a fallback, and that sounds like what you would see running getent. Also make sure libnss_winbind.so is installed.
You may have the documentation on your system for this:
file:///usr/share/doc/samba-<version>/htmldocs/Samba3-HOWTO/winbind.html
Hi,
I checked nsswitch.conf, I wrote "winbind" before "files" and it's still the same: I get /bin/false. The strange thing is, I have enabled pam_mkhomedir.so, so if I try my Windows AD login by doing "su username", it shows messages about creating the home directory and gets me back to my local user prompt, due to no login shell. Also, if I input the wrong password, it says wrong password. So authentication seems to be working fine.
Since you are creating a home directory for the user, use "/bin/sh" or "/bin/bash" instead of /bin/false. In this situation, /bin/false shouldn't be in the /etc/passwd field. If there is a "shell" entry in the Windows record for this account (I haven't used AD so I'm not familiar with its LDAP entries) then check if /bin/false is used there as well. There may be a Samba script that replicates the LDAP account values in /etc/passwd. Be sure to study the "one liners" that are in your smb.conf file. I wonder if it has to do with this being a user named "admin". Perhaps you should create an account using a regular user name who is a member of the "Network Administrator" group. I think that admin might be aliased to "root" and so this account is considered a system account that a user should not log in as. However, AFAIK, it would be "administrator" that would be equivalent to "root". You could use "vipw" or "usermod" to change the entry in /etc/passwd.
The latest edition of "Using Samba" in the book stores deals with configuring Samba to work with Active Directory. It also recommends which Windows tool works best to do things like add user accounts & join Samba hosts. There is also a script or command given to set up the Linux <-> Windows account UIDs for a new system. After that, a Samba script should be doing that as each user is added or changes their password, etc. One-liner scripts in the smb.conf configuration handle this.
I use SuSE Linux and its YaST2 wizard works well configuring Samba & Pam to use Windows AD as the Logon authentication source. The regular /etc/passwd file is still used as a fall back. This allows a user to login to their own computer even if they aren't connected to the Windows network. They won't be able to use the windows network in this case, but they can access their home directory on the computer. This is most likely needed if you use a Linux laptop in a Windows network that you also take home or use in the field.
Fedora may have a similar wizard.
Good Luck!
--
PS. IMHO, I've learned more about Windows networking reading Samba documentation than I knew as a Windows user.
Back in the Windows 95/98 days when Microsoft and Samba worked together (at IBM's insistence), Microsoft would provide Samba with specifications on SMB and Samba would create a Samba test platform which Microsoft would use for debugging. Today, this cooperation isn't the case, and when MS released phony specs (that the NFS V4 programming team used to their own detriment) as a part of the EU anti-monopoly ruling, this got the EU judges a bit upset.
That is my whole problem!!! I have set the shell to "/bin/bash" in smb.conf, and still winbind wants to report the shell as /bin/false. And since it worked in Fedora 7, and it's working with RHEL 4 and CentOS 5.1 (Samba ver 3.0.26b) on my other servers, I am certain the problem is with the Fedora 8/9 machines.
I have used the wizard in Fedora (authconfig-gtk) to configure winbind and there too I have chosen the login shell as /bin/bash (it is reflected in the smb.conf file), still no joy!
I meant change the shell to /bin/bash in /etc/passwd.
Is this what you are referring to in smb.conf:
Code:
template homedir (G)
    When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it is substituted with the user's Windows NT domain name. If the string %U is present it is substituted with the user's Windows NT user name.

    Default: template homedir = /home/%D/%U

template shell (G)
    When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the login shell for that user.
I wonder if an entry in /etc/passwd takes precedence. For example, are these used for a new user that doesn't exist in /etc/passwd to create an entry, or when a user's credentials are changed?
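
Added example (not part of the thread, and not Samba or Fedora tooling): a bash script that runs the checks the replies suggest, on the `passwd:` line of nsswitch.conf and on `template shell` in the `[global]` section of smb.conf. It also shows how to ask each NSS source separately which shell it reports. The function names are hypothetical; the /bin/false fallback is the default documented in the smb.conf manual page.

```bash
#!/usr/bin/env bash
# Added example. File paths are arguments so the checks can run on copies.

# Sources on the "passwd:" line of an nsswitch.conf-style file, in lookup order.
passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Effective "template shell" from [global] of an smb.conf-style file.
# Whitespace in parameter names is ignored, ";" and "#" start comments,
# and Samba falls back to /bin/false when the parameter is not set.
template_shell() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == "[global]" && (i = index($0, "=")) {
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "templateshell") shell = val
        }
        END { print (shell != "" ? shell : "/bin/false") }
    ' "$1"
}

# Returns 0 only if winbind is a passwd source and the shell is usable.
check_config() {
    local srcs shell rc=0
    srcs=$(passwd_sources "$1")
    shell=$(template_shell "$2")
    case " $srcs " in
        *" winbind "*) ;;
        *) echo "passwd: line lacks winbind (found: $srcs)"; rc=1 ;;
    esac
    if [ "$shell" = "/bin/false" ]; then
        echo "template shell resolves to /bin/false"; rc=1
    fi
    return $rc
}

# Live check, needs the real system: login shell as each NSS source reports it.
shell_by_source() {
    for src in winbind files; do
        printf '%s: %s\n' "$src" "$(getent -s "$src" passwd "$1" | cut -d: -f7)"
    done
}
```

Run `check_config /etc/nsswitch.conf /etc/samba/smb.conf` on the affected host, then `shell_by_source username` to see whether the /bin/false value comes from winbind or from a local /etc/passwd entry.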