LinuxQuestions.org
Old 05-17-2005, 03:23 PM   #1
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 138

Rep: Reputation: 17
Very stupid, but here we go: pam_mount + samba share = access denied?


Okay
I'm using pam_mount to mount a samba share at login time (and dismount it at logoff).
I'm using samba + winbind user login (Windows 2000 AD Domain Controller network) and after logging in, after pam_mount mounts the share, I can access the share but can't write to it: Access denied!!

Any help?
 
Old 05-18-2005, 02:39 PM   #2
Sern
Member
 
Registered: May 2005
Location: New York
Distribution: Fedora Core 3
Posts: 57

Rep: Reputation: 15
Can you log in your domain users graphically?
 
Old 05-19-2005, 10:24 AM   #3
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 138

Original Poster
Rep: Reputation: 17
Yep, I can
 
Old 05-19-2005, 10:56 AM   #4
cowanrl
Member
 
Registered: Dec 2004
Location: Western Pennsylvania, USA
Distribution: Red Hat
Posts: 150

Rep: Reputation: 15
What command are you using to mount the share? If you don't provide a uid or gid parameter to your mount command, only root will have write access to the share.

This link will show how to use the uid or gid parameter with mount:

http://www.justlinux.com/nhf/Filesys...rmanently.html
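
The uid/gid point in the reply above, as an added example that is not part of the original post: a POSIX shell audit that reads mount-table lines and flags SMB mounts whose files end up owned by root because `uid=` is missing or 0. The server name, users, paths and numeric ids are constructed sample values, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit SMB mounts for the uid=/gid= ownership options.

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS='//fileserver/alice /home/alice/share cifs rw,username=alice 0 0
//fileserver/bob /home/bob/share cifs rw,username=bob,uid=10002,gid=10000 0 0
/dev/sda1 / ext3 rw 0 0
//fileserver/carol /home/carol/share smbfs rw,uid=0,gid=0 0 0'

# get_opt OPTS KEY: print the value of KEY= from a comma-separated option list.
get_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# audit_smb_mounts: read mount-table lines on stdin and print one line per
# SMB mount. A mount with no uid= option, or with uid=0, presents its files
# as owned by root, so an ordinary user can read but not write.
audit_smb_mounts() {
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in
            cifs|smbfs) ;;
            *) continue ;;
        esac
        uid=$(get_opt "$opts" uid)
        gid=$(get_opt "$opts" gid)
        if [ -z "$uid" ] || [ "$uid" = "0" ]; then
            echo "ROOT-OWNED $mnt (uid=${uid:-unset} gid=${gid:-unset})"
        else
            echo "OK $mnt (uid=$uid gid=$gid)"
        fi
    done
}

# mount_opts_for USER UID GID: build the -o string that hands ownership of
# the mounted files to the user. On a live system the numeric ids would
# come from `id -u USER` and `id -g USER`.
mount_opts_for() {
    printf 'username=%s,uid=%s,gid=%s\n' "$1" "$2" "$3"
}
```

On a live system, `audit_smb_mounts < /proc/mounts` runs the same check against the real mount table.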
 
Old 05-19-2005, 03:20 PM   #5
Sern
Member
 
Registered: May 2005
Location: New York
Distribution: Fedora Core 3
Posts: 57

Rep: Reputation: 15
Quote:
Originally posted by Thakowbbery
Yep, I can

How did you get it to, 'cause I can't for the life of me
 
Old 05-20-2005, 10:06 AM   #6
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 138

Original Poster
Rep: Reputation: 17
Quote:
Originally posted by cowanrl
What command are you using to mount the share? If you don't provide a uid or gid parameter to your mount command, only root will have write access to the share.

This link will show how to use the uid or gid parameter with mount:

http://www.justlinux.com/nhf/Filesys...rmanently.html

Actually I've already managed to do it, but thanks anyway


and Sern, check here, tell me if you see anything different from yours:

/etc/samba/smb.conf:

[global]
log file = /var/log/samba/samba.log.0l001
load printers = yes
printing = cups
idmap gid = 10000-60000
read list = @"SRSP/UsersSRSP"
allow trusted domains = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
write list = @"SRSP/UsersSRSP"
hosts allow = 10.11.8.28, 10.11.8.32
encrypt passwords = yes
winbind use default domain = yes
realm = SRSP.DPF
template shell = /bin/bash
dns proxy = no
template primary group = "SRSP/UsersSRSP"
netbios name = 0l001
server string = Samba Server 0l001
winbind enum users = yes
idmap uid = 10000-60000
password server = 10.11.8.28
template homedir = /home/%U
workgroup = SRSP
winbind enum groups = yes
printcap name = /etc/printcap
valid users = @"SRSP/UsersSRSP"
security = ads
winbind separator = +

---------------------------------------------------------------------------------------------------------------------------
/etc/krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = SRSP.DPF
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
SRSP.DPF = {
kdc = 10.11.8.28
default_domain = srsp.dpf
}

[domain_realm]
.srsp.dpf = SRSP.DPF
srsp.dpf = SRSP.DPF

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

-----------------------------------------------------------------------------------------------------------------------------------
/etc/nsswitch:

passwd: files winbind
shadow: files winbind
group: files winbind
(there is more for nsswitch, but the rest really doesn't matter)
-----------------------------------------------------------------------------------------------------------------------------------
/etc/pam.d/system-auth:

auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so

account sufficient pam_winbind.so
account required pam_unix.so

password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so

------------------------------------------------------------------------------------------------------------------------------------

Did you add the machine to the domain?
Are the smb, nmbd and winbindd daemons running?
 
Old 05-20-2005, 10:43 AM   #7
Sern
Member
 
Registered: May 2005
Location: New York
Distribution: Fedora Core 3
Posts: 57

Rep: Reputation: 15
yea wayyyy different...

smb.conf
Code:
[root@WHB-LinuxBackup ~]# grep -v "^#" /etc/samba/smb.conf

[global]
        workgroup = DUNNPC
        realm = DUNNPC.COM
        server string = WHBLinuxServer
        security = ADS
        password server = 192.168.20.2
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        local master = No
        domain master = Yes
        dns proxy = No
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/bash
        winbind use default domain = Yes
        cups options = raw

[homes]
        read only = No
        create mask = 0777
        valid users = dunnpc\%U
        directory mask = 0777
        guest ok = no
        browseable = yes
        writeable = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[html]
        path = /var/www/html
        valid users = dunnpc\azabielski,dunnpc\droach
        read only = No

krb5.conf
Code:
[root@WHB-LinuxBackup ~]# grep -v "^#" /etc/krb5.conf
  [logging]
    default = FILE:/var/log/krb5/libs.log
    kdc = FILE:/var/log/krb5/kdc.log
    admin_server = FILE:/var/log/krb5/admin.log

  [libdefaults]
    ticket_lifetime = 24000
 default_realm = DUNNPC.COM
    default_tgs_enctypes = des-cbc-crc des-cbc-md5
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    forwardable = true
    proxiable = true
 dns_lookup_realm = true
 dns_lookup_kdc = true

  [realms]
    dunnpc.com = {
      kdc = 192.168.20.2
    }

 DUNNPC.COM = {
 }

 DUNNPC.COM = {
  kdc = 192.168.20.2
 }

  [domain_realm]
    .dunnpc.com = DUNNPC.COM
    dunnpc.com = DUNNPC.COM

  [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

  [pam]
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

system-auth
Code:
[root@WHB-LinuxBackup ~]# grep -v "^;" /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so
session     optional      /lib/security/$ISA/pam_ldap.so
 
Old 05-23-2005, 10:16 AM   #8
Sern
Member
 
Registered: May 2005
Location: New York
Distribution: Fedora Core 3
Posts: 57

Rep: Reputation: 15
I did exactly what you did, changing my info respectively of course, and now it just says invalid username or password for domain users
 
Old 05-23-2005, 11:43 AM   #9
Sern
Member
 
Registered: May 2005
Location: New York
Distribution: Fedora Core 3
Posts: 57

Rep: Reputation: 15
ok it starts to log me on and then it fails and says
Unable to create ~/.gnome directory permission denied
 
  

