SAMBA & Winbind Problems - What next?

Networking/Security Forums -> UNIX // GNU/Linux

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Fri Sep 27, 2002 1:42 pm    Post subject: SAMBA & Winbind Problems - What next?
    ----
I've had a long ride setting up SAMBA and Winbind, essentially what
I'm trying to do at the moment is transfer the file server from the Win2k server to a Linux machine to east the strain and spread the network traffic out over different switches.

I am using SAMBA 2.2.5 and Debian 3.0.

I have SAMBA working fine, I can browse the Public and Temp shares and write to them from a Win2k machine.

I have Winbind working as far as I can tell, wbinfo -t gives an ok, wbinfo -u returns users and same for -g.

I have done getent passwd and getent group and all the users show up ok.

When I try and logout and log back into Xwindows with a Domain rather than local user (they are all listed correctly in kdm DOMAIN+User), the login always fails even when I know the password is correct.

I can browse my home directory, but only if I have a local user on the linux machine that matches my network logon if I try from another logon without the equivalent linux entry it doesn't work.

The domain authentication doesn't seem to working.

(security = domain is set).

How do I create and get home directories working and how do I set up shares with group properties, e.g. only Managers are allowed access etc.

Config files and more available on request.

Do I need to do all the PAM authentication stuff? I've tried but my source directory doesn't contain a pam_winbind.so file?

Pretty lost on what to do now.. Embarassed Shocked Embarassed

Author: b4rtm4nLocation: Bi Mon Sci Fi Con PostPosted: Fri Sep 27, 2002 3:35 pm    Post subject:
    ----
U using mixed mode or win2k authentication?

Last looked at samba about a year ago and there were some biggish issues with the Win2k only authentication. Some 5h17 to do with the secure channel i think Confused .

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Fri Sep 27, 2002 3:42 pm    Post subject:
    ----
Mixed cos we're mostly Win98, only me who uses Win2k Wink

Nah SAMBA has come a long way now, and Winbind, can deal with AD and everything now I think.

3 Alpha was released today aswell, I might way till that goes RC or something and try again with that.

I think it might just be PAM issues though..

Author: b4rtm4nLocation: Bi Mon Sci Fi Con PostPosted: Fri Sep 27, 2002 4:13 pm    Post subject:
    ----
I think you're right.

I had a look at the man page for winbindd
http://us1.samba.org/samba/docs/man/winbindd.8.html
and it does mention using pam_winbind to handle the authentication.

I looks a lot better than my last experience so I'll be playing with samba again v v soon!

Cool

Author: hadsLocation: New Zealand PostPosted: Fri Sep 27, 2002 4:42 pm    Post subject:
    ----
'scuse me for asking but I thought that the domain security was only for users connectiong to the samba box from another box.

I didn't think that it had reached the stage of e.g allowing local user logon on the linux box authenticating in the domain. Only users accessing the shares etc could be authenticated against the domain.

I could be completely wrong and behind the times tho... if so could you point me to docs that show where you can replace local nix users with domain security? Would be interesting.

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Fri Sep 27, 2002 4:50 pm    Post subject:
    ----
Nope SAMBA can be a PDC now, and Winbind allows you to logon Domain users without having to create local accounts.

It supports roaming profiles, home directories the lot.

All I'm trying to do at the moment is move users home directories and the main company files shares but use Domain authentication for the shares.

Check out the docs at:

http://samba.mirror.ac.uk/samba/docs/man/winbindd.8.html

http://samba.mirror.ac.uk/samba/docs/man/wbinfo.1.html

http://samba.mirror.ac.uk/samba/docs/Samba-HOWTO-Collection.html

http://samba.mirror.ac.uk/samba/docs/Samba-HOWTO-Collection.html#WINBIND

Author: hadsLocation: New Zealand PostPosted: Fri Sep 27, 2002 5:11 pm    Post subject:
    ----
hmmm... yeah, I was kinda on a different wavelength Confused (am + beer)

I knew about the PDC function etc. (halfway through doing the same thing myself at one site)

I just didn't think you would be able to logon to the linux box locally with a domain account (for some reason or other). Rather, just access shares with domain accounts.

I must go do some reading now.



Networking/Security Forums -> UNIX // GNU/Linux


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group