|
Very stupid, but here we go: pam_mount + samba share = access denied?
Okay
I'm using pam_mount to mount a samba share at login time (and dismount it at logoff). I'm using samba + winbind user login (Windows 2000 AD Domain Controller network) and after logging in, after pam_mount mounts the share, I can access the share but can't write to it: Access denied!! Any help? :( |
Can you login your domain users graphicaly?
|
Yep, I can
|
What command are you using to mount the share? If you don't provide a uid or gid parameter to your mount command, only root will have write access to the share.
This link will show how to use the uid or gid parameter with mount: http://www.justlinux.com/nhf/Filesys...rmanently.html |
Quote:
|
Quote:
and Sern, check here, tell me if you see anything different from yours: /etc/samba/smb.conf: [global] log file = /var/log/samba/samba.log.0l001 load printers = yes printing = cups idmap gid = 10000-60000 read list = @"SRSP/UsersSRSP" allow trusted domains = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 write list = @"SRSP/UsersSRSP" hosts allow = 10.11.8.28, 10.11.8.32 encrypt passwords = yes winbind use default domain = yes realm = SRSP.DPF template shell = /bin/bash dns proxy = no template primary group = "SRSP/UsersSRSP" netbios name = 0l001 server string = Samba Server 0l001 winbind enum users = yes idmap uid = 10000-60000 password server = 10.11.8.28 template homedir = /home/%U workgroup = SRSP winbind enum groups = yes printcap name = /etc/printcap valid users = @"SRSP/UsersSRSP" security = ads winbind separator = + --------------------------------------------------------------------------------------------------------------------------- /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = SRSP.DPF dns_lookup_realm = true dns_lookup_kdc = true [realms] SRSP.DPF = { kdc = 10.11.8.28 default_domain = srsp.dpf } [domain_realm] .srsp.dpf = SRSP.DPF srsp.dpf = SRSP.DPF [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } ----------------------------------------------------------------------------------------------------------------------------------- /etc/nsswitch: passwd: files winbind shadow: files winbind group: files winbind (there is more for nsswitch, but the rest really doesn't matter) ----------------------------------------------------------------------------------------------------------------------------------- /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_winbind.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_winbind.so account required pam_unix.so password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 password sufficient pam_unix.so nullok use_authtok md5 shadow password sufficient pam_winbind.so use_authtok password required pam_deny.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so ------------------------------------------------------------------------------------------------------------------------------------ Did you added the machine to the domain? Is the smb, nmbd and winbindd daemons running? |
yea wayyyy diffrent...
smb.conf Code:
[root@WHB-LinuxBackup ~]# grep -v "^#" /etc/samba/smb.confCode:
[root@WHB-LinuxBackup ~]# grep -v "^#" /etc/krb5.confCode:
[root@WHB-LinuxBackup ~]# grep -v "^;" /etc/pam.d/system-auth |
I did excatly what you did, changing my info respectively of course , and now it just says invaild username or password for domain users
|
ok it starts to log me on and then it fails and says
Unable to create ~/.gnome directory permission denied |
| All times are GMT -5. The time now is 04:53 AM. |