LinuxQuestions.org


soumalya 08-07-2008 06:50 AM

samba server with ads
 
Sir,

I have configured a Samba server with Active Directory authentication.
When I use wbinfo -u it shows all the domain users.

But when I log in from a Windows machine through ssh, using a domain user to log in to Linux,

it shows access denied.

Please help me.

Interflex 08-07-2008 07:50 AM

In your smb.conf file did you use
idmap backend = ad

If so, comment it out and try again. Can you post a copy of:
/etc/smb.conf
/etc/nsswitch.conf

soumalya 08-07-2008 11:30 PM

Thanks for your mail.
My smb.conf:
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = CENTRAL

# server string is the equivalent of the NT Description field
server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = ADS

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes

# you may wish to override the location of the printcap file
; printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
; printing = cups

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
; password server = *
; password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
realm = CENTRAL.EDU
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
password server = telnet.central.edu
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = false
[homes]
comment = Home Directories
browseable = no
writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no

And my nsswitch:
/etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files winbind
shadow: files
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: nisplus

publickey: nisplus

automount: files nisplus
aliases: files nisplus

soumalya 08-08-2008 12:30 AM

OK.

My RHEL machine name is telnet.
My ADS server machine name is data-server.
The domain name is central.edu.

krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = CENTRAL.EDU
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
CENTRAL.EDU = {
kdc = 192.168.100.100
default_domain = CENTRAL.EDU
kdc = telnet.central.edu
}

[domain_realm]
.central.edu = CENTRAL.EDU
central.edu = CENTRAL.EDU

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


I haven't changed anything in the system_auth file.

Interflex 08-08-2008 03:51 AM

OK, you need the following options in smb.conf:
winbind enum users = true
winbind enum groups = true


And in krb5.conf you need to add this to the libdefaults section:

[libdefaults]
default_realm = domain.LOCAL
default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
prefered_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

And can you tell me the result of "klist", and whether "getent passwd" returns only local users or domain users also?

soumalya 08-09-2008 01:27 AM

Thanks for your reply.

I have added:

1) in smb.conf

#============================ Share Definitions ==============================
password server = telnet.central.edu
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = yes
winbind enum users = true


2) in krb5.conf

[libdefaults]
default_realm = CENTRAL.EDU
default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = RC4-HMAC HES-CBC-MD5 DES-CBC-CRC
prefered_enctypes = RC4-HMAC HES-CBC-MD5 DES-CBC-CRC

When I use
klist

output:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@CENTRAL.EDU

Valid starting Expires Service principal
08/09/08 10:00:18 08/09/08 20:00:33 krbtgt/CENTRAL.EDU@CENTRAL.EDU
renew until 08/10/08 10:00:18


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@telnet ~]# getant passwd
-bash: getant: command not found
[root@telnet ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
student:x:500:500::/home/student:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
administrator:*:16777216:16777218:Administrator:/home/CENTRAL/administrator:/bin/false

Interflex 08-11-2008 04:20 AM

Those are all local accounts returned by getent.
klist is showing the tickets.
Does net ads testjoin return OK?

Try changing security = ADS to security = ads.

A solution that worked for me was to remove the account for the computer from Active Directory on Windows, then rejoin.

kdestroy
net join -U administrator

should rejoin the computer.

Then see if you can view the shares from a Windows workstation.

soumalya 08-11-2008 04:49 AM

I have done what you said in
security =ads

[root@telnet ~]# net join -U administrator
administrator's password:
Using short domain name -- CENTRAL
Joined 'TELNET' to realm 'CENTRAL.EDU'

I access using My Network Places and view the administrator folder but an access using administrator user.

Using PuTTY, when I connect to telnet using ssh, I use administrator but the application closed.


Please help me.

Interflex 08-12-2008 03:30 AM

Add

synchronize unix users = yes

to the smb.conf

soumalya 08-13-2008 11:37 PM

Thanks for your reply.

One problem still exists. I can access the telnet server for Windows using the domain administrator account, but not other domain accounts that are not members of the administrator group.


Help me.

Thanks again.

Interflex 08-15-2008 03:06 AM

Check the ownership of the shared directories.
They should either be owned by YOURDOMAIN/domain users
with
chgrp "YOURDOMAIN/domain users" DIRECTORIES
and permissions
chmod 770 DIRECTORIES
chmod g+s DIRECTORIES

This solved access with my system.

mago 08-15-2008 07:59 PM

Which version of Samba are you using, and is the AD 2000 or 2003? There are details regarding the versioning.

soumalya 08-21-2008 07:01 AM

Interflex,

Thanks for the reply.

Now when I use getent passwd, it shows all the domain users properly.

[root@telnet ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
student:x:500:500::/home/student:/bin/bash
administrator:*:10000:10002:Administrator:/home/administrator:/bin/bash
guest:*:10001:10003:Guest:/home/guest:/bin/bash
support_388945a0:*:10002:10002:SUPPORT_388945a0:/home/support_388945a0:/bin/bash
krbtgt:*:10003:10002:krbtgt:/home/krbtgt:/bin/bash
admin:*:10004:10002:Super User:/home/admin:/bin/bash
student:*:10005:10002:student pcmt:/home/student:/bin/bash
user:*:10006:10002:All PCMT:/home/user:/bin/bash
darothi.s:*:10007:10004:darothi sarkar:/home/darothi.s:/bin/bash
admission:*:10008:10005:admission:/home/admission:/bin/bash
ak.saha:*:10009:10004:Amal Krishna:/home/ak.saha:/bin/bash
atas.b:*:10010:10004:Atas Kr.. Banerjee:/home/atas.b:/bin/bash
p.chowdhury:*:10011:10004:Partho S. Chowdhury:/home/p.chowdhury:/bin/bash
a.sarkar:*:10012:10004:Ayanagshu Sarkar:/home/a.sarkar:/bin/bash
s.roychel:*:10013:10004:Saswati Roy. Chel:/home/s.roychel:/bin/bash
s.paul:*:10014:10004:Sunetra Paul:/home/s.paul:/bin/bash
sujit.m:*:10015:10004:Sujit Majumdar:/home/sujit.m:/bin/bash
debarati.m:*:10016:10004:Debarati Majumdar:/home/debarati.m:/bin/bash
susmita.b:*:10017:10004:Susmita Banerjee:/home/susmita.b:/bin/bash
tanmoy.j:*:10018:10004:Tanmay Jordar:/home/tanmoy.j:/bin/bash
suchana.m:*:10019:10004:Suchana Mukherjee:/home/suchana.m:/bin/bash
anjana.b:*:10020:10004:Anjana Banerjee:/home/anjana.b:/bin/bash
chanda.d:*:10021:10004:Chanda Das:/home/chanda.d:/bin/bash
sanat.a:*:10022:10006:Sanat Adhikari:/home/sanat.a:/bin/bash
shouvik.r:*:10023:10006:Shouvik Roy:/home/shouvik.r:/bin/bash
manojit.c:*:10024:10006:Manojit Chattopadhyay:/home/manojit.c:/bin/bash
s.dhar:*:10025:10006:Sourav Dhar:/home/s.dhar:/bin/bash
nilanjan.s:*:10026:10006:Nilanjan Sen:/home/nilanjan.s:/bin/bash
sudipta.k:*:10027:10006:Sudipta Kundu:/home/sudipta.k:/bin/bash
b.sasmol:*:10028:10006:Binoy Sasmol:/home/b.sasmol:/bin/bash
sumona.p:*:10029:10006:Sumona Paul:/home/sumona.p:/bin/bash
surajit.c:*:10030:10006:Surajit Chattopadhyay:/home/surajit.c:/bin/bash
ranjan.m:*:10031:10004:Ranjan Mukherjee:/home/ranjan.m:/bin/bash
a.pandit:*:10032:10004:Abhijit Pandit:/home/a.pandit:/bin/bash
r.mondal:*:10033:10004:Rabindranath Mandal:/home/r.mondal:/bin/bash
triparna.r:*:10034:10004:Triparna Ray:/home/triparna.r:/bin/bash
p.ghatak:*:10035:10004:Payel Ghatak:/home/p.ghatak:/bin/bash
s.dutta:*:10036:10004:Sriparna Dutta:/home/s.dutta:/bin/bash
parashar.b:*:10037:10004:Parashar Banerjee:/home/parashar.b:/bin/bash
banibrata.b:*:10038:10004:Banibrata Banerjee:/home/banibrata.b:/bin/bash
d.roychowdhury:*:10039:10004:D Roychowdhury:/home/d.roychowdhury:/bin/bash
d.saha:*:10040:10004:Dipankar Saha:/home/d.saha:/bin/bash
arup.c:*:10041:10005:Arup kr.. Chaterjee:/home/arup.c:/bin/bash
mousumi.b:*:10042:10005:Mousumi Bhattacharjee:/home/mousumi.b:/bin/bash
s.chowdhury:*:10043:10006:Siddhartha Chowdhury:/home/s.chowdhury:/bin/bash
satadru.b:*:10044:10005:Satadru Banerjee:/home/satadru.b:/bin/bash
r.das:*:10045:10005:Radhakanta Das:/home/r.das:/bin/bash
falguni.rc:*:10046:10005:Falguni Roy. Chowdhury:/home/falguni.rc:/bin/bash
kamal.m:*:10047:10005:kamal Mondal:/home/kamal.m:/bin/bash
subhra.b:*:10048:10005:Subhra Basu:/home/subhra.b:/bin/bash
paromita.c:*:10049:10005:Paromita Chakroborty:/home/paromita.c:/bin/bash
a.majumdar:*:10050:10006:Arindam Majumdar:/home/a.majumdar:/bin/bash
arpita.m:*:10051:10006:Arpita Mondal:/home/arpita.m:/bin/bash
prasenjit.c:*:10052:10006:Prasenjit C:/home/prasenjit.c:/bin/bash
rn.behera:*:10053:10006:Ravi N. Behera:/home/rn.behera:/bin/bash
shibaji.m:*:10054:10006:Shibaji MirBahar:/home/shibaji.m:/bin/bash
p.chaterjee:*:10055:10006:Parag Chaterjee:/home/p.chaterjee:/bin/bash
ps.chakraborty:*:10056:10002:P S. Chakraborty:/home/ps.chakraborty:/bin/bash
iwam_pet-server:*:10057:10002:IWAM_PET-SERVER:/home/iwam_pet-server:/bin/bash
iusr_pet-server:*:10058:10002:IUSR_PET-SERVER:/home/iusr_pet-server:/bin/bash
dracmpd:*:10059:10005:Amit C. Majumder:/home/dracmpd:/bin/bash
ak.roy:*:10060:10004:A K. ROY:/home/ak.roy:/bin/bash
goutam.d:*:10061:10004:gotam daw:/home/goutam.d:/bin/bash
nabanita.m:*:10062:10004:nabanita maity:/home/nabanita.m:/bin/bash
suman.c:*:10063:10004:suman chakraborty:/home/suman.c:/bin/bash
prasanta.d:*:10064:10004:prasanta kr. das:/home/prasanta.d:/bin/bash
kanika.k:*:10065:10004:kanika kundu:/home/kanika.k:/bin/bash
sumitra.s:*:10066:10006:Sumitra Sadhukhan:/home/sumitra.s:/bin/bash
aswini.g:*:10067:10006:Aswini Ghosh:/home/aswini.g:/bin/bash
milan.n:*:10068:10005:Milan Naskar:/home/milan.n:/bin/bash
suprabhat.m:*:10069:10005:suprabhat mondol:/home/suprabhat.m:/bin/bash
k.seshadri:*:10070:10005:K.S Seshadri:/home/k.seshadri:/bin/bash
a.dutta:*:10071:10005:arup dutta:/home/a.dutta:/bin/bash
panchali.b:*:10072:10005:Panchali Bhattacharya:/home/panchali.b:/bin/bash
susmita.s:*:10073:10006:susmita sadhukhan:/home/susmita.s:/bin/bash
a.ganguly:*:10074:10005:Angshuman Ganguly:/home/a.ganguly:/bin/bash
b.mousumi:*:10075:10002:Mausumi Bhattacharya:/home/b.mousumi:/bin/bash
santanu:*:10076:10002:santanu roy:/home/santanu:/bin/bash
account:*:10077:10005:Accounts Dept:/home/account:/bin/bash
s.sarkar:*:10078:10005:Subhalakshmi Sarkar:/home/s.sarkar:/bin/bash
som:*:10079:10002:som:/home/som:/bin/bash
san:*:10080:10002:san:/home/san:/bin/bash
m.panda:*:10081:10002:Mahasweta Panda:/home/m.panda:/bin/bash
jayasri.l:*:10082:10005:Jayasri Lodh:/home/jayasri.l:/bin/bash
swatilekha.p:*:10083:10002:Swatilekha Pal:/home/swatilekha.p:/bin/bash
s.sengupta:*:10084:10005:S Sengupta:/home/s.sengupta:/bin/bash
a.roy:*:10085:10005:Ananya Roy:/home/a.roy:/bin/bash
amit.s:*:10086:10002:Amit Sharma:/home/amit.s:/bin/bash
gouranga.b:*:10087:10002:Gouranga Banerjee:/home/gouranga.b:/bin/bash
routine:*:10088:10002:routine:/home/routine:/bin/bash
-----------------------------------------------------------------

I have changed
vim /etc/pam.d/login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
account required pam_winbind.so
# pam_selinux.so close should be the first session rule
session required pam_mkhomedir.so skel=/etc/skel umask=002
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
-----------------------------------------------------------------------
vim /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-----------------------------------------------------------------------
vim /etc/pam.d/gdm
#%PAM-1.0
auth required pam_env.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session required pam_mkhomedir.so skel=/etc/home umask=0022


As you said, I have changed 777 to the home directory, but the home directory of the domain user is not visible, and I also can't log in using any domain user, also administrator.

Please solve the problem.

thanks again
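
Added example, not part of any post in this thread: a Python check over the kinds of files posted above, reporting the settings that bear on SSH logins by winbind users (`template shell`, pam_winbind.so in the PAM auth stack) and any deprecated Kerberos enctypes. The function names and the trimmed sample inputs are constructed for illustration, and the check assumes winbind is the intended login path.

```python
"""Audit the kinds of files posted in this thread for settings that stop winbind
(AD) users logging in over SSH. Sample inputs are constructed from the thread."""
import re

SMB_CONF = """
[global]
security = ADS
template shell = /bin/false
; winbind enum users = true
[homes]
writeable = yes
"""
PAM_SYSTEM_AUTH = """
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
"""
KRB5_CONF = "default_tkt_enctypes = RC4-HMAC HES-CBC-MD5 DES-CBC-CRC\n"

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
# Deprecated for Kerberos by RFC 6649 (DES) and RFC 8429 (RC4).
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "rc4-hmac", "arcfour-hmac"}

def smb_globals(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def pam_modules(text, stack):
    """List the modules configured on one PAM stack (auth, account, ...)."""
    mods = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) < 3 or f[0].lstrip("-") != stack:
            continue
        i = 1
        # A bracketed control such as [success=1 default=ignore] spans tokens.
        while f[1].startswith("[") and i < len(f) - 2 and not f[i].endswith("]"):
            i += 1
        mods.append(f[i + 1])
    return mods

def weak_enctypes(text):
    """Return deprecated enctypes named on any *_enctypes line of krb5.conf."""
    values = re.findall(r"^\s*\w+_enctypes\s*=(.*)$", text, re.M)
    names = {e.lower() for v in values for e in re.split(r"[,\s]+", v)}
    return sorted(names & WEAK_ENCTYPES)

def audit(smb, pam, krb5):
    """Return a list of findings; assumes winbind is the intended login path."""
    findings = []
    shell = smb_globals(smb).get("templateshell", "/bin/false")  # Samba default
    if shell in NOLOGIN_SHELLS:
        findings.append(f"template shell = {shell}: session ends right after login")
    if "pam_winbind.so" not in pam_modules(pam, "auth"):
        findings.append("auth stack lacks pam_winbind.so: winbind never sees the password")
    weak = weak_enctypes(krb5)
    if weak:
        findings.append("deprecated Kerberos enctypes: " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF, PAM_SYSTEM_AUTH, KRB5_CONF)))
```

To run it against a live host, pass the contents of the real smb.conf, the PAM file that sshd uses, and krb5.conf to `audit()` in place of the constructed samples.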

