samba server with ads
Sir,
I have configured a Samba server with Active Directory authentication. When I use wbinfo -u it shows all the domain users, but when I log in from a Windows machine through ssh, using a domain user to log in to Linux, it shows access denied. Please help me. |
In your smb.conf file did you use

    idmap backend = ad

If so, comment it out and try again. Can you post a copy of:

    /etc/smb.conf
    /etc/nsswitch.conf |
Thanks for your mail.
My smb.conf:

    #======================= Global Settings =====================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
    workgroup = CENTRAL

    # server string is the equivalent of the NT Description field
    server string = Samba Server

    # Security mode. Defines in which mode Samba will operate. Possible
    # values are share, user, server, domain and ads. Most people will want
    # user level security. See the Samba-HOWTO-Collection for details.
    security = ADS

    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
    ; hosts allow = 192.168.1. 192.168.2. 127.

    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
    ; load printers = yes

    # you may wish to override the location of the printcap file
    ; printcap name = /etc/printcap

    # on SystemV system setting printcap name to lpstat should allow
    # you to automatically obtain a printer list from the SystemV spool
    # system
    ; printcap name = lpstat

    # It should not be necessary to specify the print system type unless
    # it is non-standard. Currently supported print systems include:
    # bsd, cups, sysv, plp, lprng, aix, hpux, qnx
    ; printing = cups

    # This option tells cups that the data has already been rasterized
    cups options = raw

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ; guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects
    log file = /var/log/samba/%m.log

    # Put a capping on the size of the log files (in Kb).
    max log size = 50

    # Use password server option only with security = server
    # The argument list may include:
    # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    ; password server = *
    ; password server = <NT-Server-Name>

    # Use the realm option only with security = ads
    # Specifies the Active Directory realm the host is part of
    realm = CENTRAL.EDU

    # Backend to store user information in. New installations should
    # use either tdbsam or ldapsam. smbpasswd is available for backwards
    # compatibility. tdbsam requires no further configuration.
    ; passdb backend = tdbsam

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting.
    # Note: Consider carefully the location in the configuration file of
    # this line. The included file is read at that point.
    ; include = /usr/local/samba/lib/smb.conf.%m

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ; interfaces = 192.168.12.2/24 192.168.13.2/24

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    ; local master = no

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    ; os level = 33

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    ; domain master = yes

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    preferred master = no

    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.
    ; domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ; logon script = %m.bat
    # run a specific logon batch file per username
    ; logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    # %L substitutes for this servers netbios name, %U is username
    # You must uncomment the [Profiles] share below
    ; logon path = \\%L\Profiles\%U

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
    ; wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ; wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one WINS Server on the network. The default is NO.
    ; wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The default is NO.
    dns proxy = no

    # These scripts are used on a domain controller or stand-alone
    # machine to add or delete corresponding unix accounts
    ; add user script = /usr/sbin/useradd %u
    ; add group script = /usr/sbin/groupadd %g
    ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
    ; delete user script = /usr/sbin/userdel %u
    ; delete user from group script = /usr/sbin/deluser %u %g
    ; delete group script = /usr/sbin/groupdel %g

    #============================ Share Definitions ==============================
    password server = telnet.central.edu
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = false

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ; comment = Network Logon Service
    ; path = /usr/local/samba/lib/netlogon
    ; guest ok = yes
    ; writable = no
    ; share modes = no

And my nsswitch, /etc/nsswitch.conf:

    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    # nisplus or nis+ Use NIS+ (NIS version 3)
    # nis or yp Use NIS (NIS version 2), also called YP
    # dns Use DNS (Domain Name Service)
    # files Use the local files
    # db Use the local database (.db) files
    # compat Use NIS on compat mode
    # hesiod Use Hesiod for user lookups
    # [NOTFOUND=return] Stop searching if not found so far
    #
    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd: db files nisplus nis
    #shadow: db files nisplus nis
    #group: db files nisplus nis

    passwd: files winbind
    shadow: files
    group: files winbind

    #hosts: db files nisplus nis dns
    hosts: files dns

    # Example - obey only what nisplus tells us...
    #services: nisplus [NOTFOUND=return] files
    #networks: nisplus [NOTFOUND=return] files
    #protocols: nisplus [NOTFOUND=return] files
    #rpc: nisplus [NOTFOUND=return] files
    #ethers: nisplus [NOTFOUND=return] files
    #netmasks: nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers: files
    netmasks: files
    networks: files
    protocols: files
    rpc: files
    services: files

    netgroup: nisplus

    publickey: nisplus

    automount: files nisplus
    aliases: files nisplus |
OK.
My RHEL machine name is telnet
My ADS server machine name is data-server
Domain name is central.edu

krb5.conf:

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = CENTRAL.EDU
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    CENTRAL.EDU = {
        kdc = 192.168.100.100
        default_domain = CENTRAL.EDU
        kdc = telnet.central.edu
    }

    [domain_realm]
    .central.edu = CENTRAL.EDU
    central.edu = CENTRAL.EDU

    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

I hadn't changed anything in the system_auth file. |
OK, you need the following options in smb.conf:

    winbind enum users = true
    winbind enum groups = true

and in krb5.conf you need to add this to the lib defaults section:

    [libdefaults]
    default_realm = domain.LOCAL
    default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    prefered_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

And can you tell me the result of "klist" and if "getent passwd" returns only local users or domain users also. |
Thanks for your reply.
I have added

1) in smb.conf

    #============================ Share Definitions ==============================
    password server = telnet.central.edu
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = yes
    winbind enum users = true

2) in krb5.conf

    [libdefaults]
    default_realm = CENTRAL.EDU
    default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    default_tkt_enctypes = RC4-HMAC HES-CBC-MD5 DES-CBC-CRC
    prefered_enctypes = RC4-HMAC HES-CBC-MD5 DES-CBC-CRC

When I use klist, output:

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: administrator@CENTRAL.EDU

    Valid starting     Expires            Service principal
    08/09/08 10:00:18  08/09/08 20:00:33  krbtgt/CENTRAL.EDU@CENTRAL.EDU
            renew until 08/10/08 10:00:18

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

    [root@telnet ~]# getant passwd
    -bash: getant: command not found
    [root@telnet ~]# getent passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    news:x:9:13:news:/etc/news:
    uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    rpm:x:37:37::/var/lib/rpm:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    avahi:x:70:70:Avahi daemon:/:/sbin/nologin
    mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
    smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
    nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
    vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
    haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
    rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
    rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
    nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    pcap:x:77:77::/var/arpwatch:/sbin/nologin
    ntp:x:38:38::/etc/ntp:/sbin/nologin
    gdm:x:42:42::/var/gdm:/sbin/nologin
    apache:x:48:48:Apache:/var/www:/sbin/nologin
    distcache:x:94:94:Distcache:/:/sbin/nologin
    postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
    dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
    webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
    squid:x:23:23::/var/spool/squid:/sbin/nologin
    named:x:25:25:Named:/var/named:/sbin/nologin
    xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
    sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
    student:x:500:500::/home/student:/bin/bash
    ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
    administrator:*:16777216:16777218:Administrator:/home/CENTRAL/administrator:/bin/false |
Those are all local accounts returned by getent.
klist is showing the tickets. Does net ads testjoin return OK? Try changing the security = ADS to security = ads. A solution that worked for me was to remove the account for the computer from the Active Directory from Windows, then rejoin.

    kdestroy
    net join -U administrator

should rejoin the computer. Then see if you can view the shares from a Windows workstation. |
I have done what you have said in

    security =ads

    [root@telnet ~]# net join -U administrator
    administrator's password:
    Using short domain name -- CENTRAL
    Joined 'TELNET' to realm 'CENTRAL.EDU'

I access using My Network Places and view administrator folder but an access using administrator user. Using PuTTY, when I connect to telnet using ssh I use administrator but the application closed. Please help me. |
Add

    synchronize unix users = yes

to the smb.conf |
Thanks for your reply.
One problem still exists. I can access the telnet server for Windows using the domain administrator account but not other domain accounts who are not members of the administrator group. Help me. Thanks again. |
Check the ownership of the shared directories.
They should either be owned by YOURDOMAIN/domain users with

    chgrp "YOURDOMAIN/domain users" DIRECTORIES

and permissions

    chmod 770 DIRECTORIES
    chmod g+s DIRECTORIES

This solved access with my system. |
Which version of Samba are you using, and is the AD 2000 or 2003? There are details regarding the versioning.
|
Interflex
Thanks for the reply. Now when I use getent passwd, it shows all the domain users properly.

-----------------------------------------------------------------
I have changed

vim /etc/pam.d/login

    #%PAM-1.0
    auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
    auth include system-auth
    account required pam_nologin.so
    account include system-auth
    password include system-auth
    account required pam_winbind.so
    # pam_selinux.so close should be the first session rule
    session required pam_mkhomedir.so skel=/etc/skel umask=002
    session required pam_selinux.so close
    session include system-auth
    session required pam_loginuid.so
    session optional pam_console.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session required pam_selinux.so open
    session optional pam_keyinit.so force revoke

-----------------------------------------------------------------------
vim /etc/pam.d/system-auth

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required pam_env.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth required pam_deny.so

    account required pam_unix.so
    account sufficient pam_succeed_if.so uid < 500 quiet
    account required pam_permit.so

    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password required pam_deny.so

    session optional pam_keyinit.so revoke
    session required pam_limits.so
    session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session required pam_unix.so

-----------------------------------------------------------------------
vim /etc/pam.d/gdm

    #%PAM-1.0
    auth required pam_env.so
    auth include system-auth
    account required pam_nologin.so
    account include system-auth
    password include system-auth
    session optional pam_keyinit.so force revoke
    session include system-auth
    session required pam_loginuid.so
    session optional pam_console.so
    session required pam_mkhomedir.so skel=/etc/home umask=0022

As you said, I have changed the home directory to 777, but the home directory of the domain user is not visible and also I can't log in using any domain user, also administrator. Please solve the problem. Thanks again. |
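Added example, not part of the thread: a shell check over the three files the posts above keep returning to (`template shell` in smb.conf, the `passwd`/`group` lines in nsswitch.conf, and `pam_winbind.so` in the PAM stack), since `wbinfo -u` succeeding says nothing about any of them. The function names and the sample files are constructed here from lines quoted in the thread, and it assumes the sshd PAM service includes system-auth.

```shell
#!/bin/sh
# Added example (not from the thread): checks the settings a winbind login
# depends on. File paths are arguments, so it can run on copies of the files.

# smb_param FILE NAME -> value of an active "NAME = value" line (last wins).
smb_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # skip commented-out lines
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# nss_has_winbind FILE DB -> 0 if the active DB line lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# pam_has_winbind FILE TYPE -> 0 if an active TYPE line loads pam_winbind.so.
pam_has_winbind() {
    awk -v type="$2" '$1 == type && /pam_winbind\.so/ { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# check_winbind_login SMB_CONF NSSWITCH PAM_FILE
# Prints one finding per line; returns 1 if there is any finding.
check_winbind_login() {
    rc=0
    shell=$(smb_param "$1" "template shell")
    case "${shell:-/bin/false}" in             # Samba default is /bin/false
        */false|*/nologin)
            echo "smb.conf: template shell '${shell:-/bin/false}' ends interactive logins at once"
            rc=1 ;;
    esac
    for db in passwd group; do
        nss_has_winbind "$2" "$db" || { echo "nsswitch.conf: $db does not list winbind"; rc=1; }
    done
    for type in auth account; do
        pam_has_winbind "$3" "$type" || { echo "pam: no active $type line loads pam_winbind.so"; rc=1; }
    done
    return $rc
}

# Constructed sample: the relevant lines as they were posted in the thread.
write_thread_sample() {
    printf '%s\n' '[global]' 'security = ADS' 'template shell = /bin/false' > "$1/smb.conf"
    printf '%s\n' 'passwd: files winbind' 'shadow: files' 'group: files winbind' > "$1/nsswitch.conf"
    printf '%s\n' 'auth required pam_env.so' \
        'auth sufficient pam_unix.so nullok try_first_pass' \
        'auth required pam_deny.so' \
        'account required pam_unix.so' 'account required pam_permit.so' > "$1/system-auth"
}

demo_dir=$(mktemp -d)
write_thread_sample "$demo_dir"
check_winbind_login "$demo_dir/smb.conf" "$demo_dir/nsswitch.conf" "$demo_dir/system-auth" || true
rm -rf "$demo_dir"
```

On a live host, pass the Samba configuration file, /etc/nsswitch.conf and whichever PAM file the sshd service actually includes.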