* [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-27 8:12 UTC
To: Gentoo Lists
Hi,
new to this list and Gentoo, keep that in mind:-)
I'm trying to set up winbind on a Gentoo box but I can't get it to work!
I have joined the domain and I have added winbind
to /etc/nsswitch.conf. "wbinfo -u" and "wbinfo -g" are working but
"getent passwd" and "getent group" only list the local accounts and
groups!
I have not done anything with my PAM files yet but I think this
step should work anyway!(?)
Any ideas out there?
Thanks!!!
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] Winbind...
From: Vladimir Rusinov @ 2007-07-27 12:02 UTC
To: gentoo-user
On 7/27/07, Anders Trobäck <public@troback.com> wrote:
>
> I'm trying to set up winbind on a Gentoo box but I can't get it to work!
>
> I have joined the domain and I have added winbind
> to /etc/nsswitch.conf. "wbinfo -u" and "wbinfo -g" are working but
> "getent passwd" and "getent group" only list the local accounts and
> groups!
cat /etc/nsswitch.conf
> I have not done anything with my PAM files yet but I think this
> step should work anyway!(?)
Yes. This step should work without pam.
--
Vladimir Rusinov
GreenMice Solutions: Linux-based IT solutions
http://greenmice.info/
* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-27 12:12 UTC
To: gentoo-user
On Fri, 27 Jul 2007 16:02:46 +0400
"Vladimir Rusinov" <vladimir@greenmice.info> wrote:
> On 7/27/07, Anders Trobäck <public@troback.com> wrote:
> >
> > I'm trying to set up winbind on a Gentoo box but I can't get it to
> > work!
> >
> > I have joined the domain and I have added winbind
> > to /etc/nsswitch.conf. "wbinfo -u" and "wbinfo -g" are working but
> > "getent passwd" and "getent group" only list the local accounts and
> > groups!
>
>
> cat /etc/nsswitch.conf
>
> > I have not done anything with my PAM files yet but I think this
> > step should work anyway!(?)
>
>
> Yes. This step should work without pam.
>
>
cat /etc/nsswitch.conf:
passwd: compat winbind
shadow: compat
group: compat winbind
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
* Re: [gentoo-user] Winbind...
From: Stroller @ 2007-07-27 13:38 UTC
To: gentoo-user
On 27 Jul 2007, at 09:12, Anders Trobäck wrote:
> ...
> I'm trying to set up winbind on a Gentoo box but I can't get it to
> work!
>
> I have joined the domain and I have added winbind
> to /etc/nsswitch.conf. "wbinfo -u" and "wbinfo -g" are working but
> "getent passwd" and "getent group" only list the local accounts and
> groups!
>
> I have not done anything with my PAM files yet but I think this
> step should work anyway!(?)
I have found `getent passwd` and `getent group` not to work entirely
as expected.
EG:
$ getent group | grep -i dave
domain users:x:10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobile user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup user,ned,usertemplate-lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne,anne.h,gillian,maintenance,gail
$ getent passwd | grep -i dave
$
This is on a mail server which has been running perfectly on the
Windows domain for 18 months. Users are added on the Windows 2003
server & can then get their mail from the mailserver running on the
above Linux host. It seems necessary to restart Samba on the Linux
box after adding a user on the Windows server, but I can assure you
that Dave has been getting his mail quite happily ever since the
system was set up.
My advice is to move on to the next step (PAM) & see what happens. I
have always worked off the "Testing Things Out" section of Chapter 24
of the Samba manual, "Winbind: Use of Domain Accounts"
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html> and
have always found following it to work perfectly, but winbind doesn't
seem well-documented elsewhere or by 3rd parties.
Stroller.
* Re: [gentoo-user] Winbind...
From: Vladimir Rusinov @ 2007-07-29 9:25 UTC
On 7/27/07, Stroller <stroller@stellar.eclipse.co.uk> wrote:
>
> > I have not done anything with my PAM files yet but I think this
> > step should work anyway!(?)
>
> I have found `getent passwd` and `getent group` not to work entirely
> as expected.
> EG:
> $ getent group | grep -i dave
> domain users:x:10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobile user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup user,ned,usertemplate-lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne,anne.h,gillian,maintenance,gail
> $ getent passwd | grep -i dave
I had a similar problem.
I had winbind uid range 1000-10000, and I had real user with uid 1001.
Solution was to set uid range to 1010-10000.
> My advice is to move on to the next step (PAM) & see what happens. I
> have always worked off the "Testing Things Out" section of Chapter 24
> of the Samba manual, "Winbind: Use of Domain Accounts"
> <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html> and
> have always found following it to work perfectly, but winbind doesn't
> seem well-documented elsewhere or by 3rd parties.
>
Also, try to add winbind everywhere at nsswitch.
I can't reach my config now, but I'm sure I have more than 2 winbind lines at
nsswitch.conf.
PS: sorry for my English.
--
Vladimir Rusinov
GreenMice Solutions: Linux-based IT solutions
http://greenmice.info/
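
The overlap described in this message (a winbind range of 1000-10000 colliding with a local account at UID 1001) can be checked mechanically; a domain object mapped onto an ID that a local account already holds is indistinguishable from that account for file ownership. The script below is an added example, not part of the original message. It assumes Samba 3 style `idmap uid` / `idmap gid` lines, and its function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All file contents below are constructed.

# idmap_range SMB_CONF KIND   (KIND: uid or gid)
# Prints "LOW HIGH" taken from a Samba 3 style "idmap uid = LOW-HIGH" line.
idmap_range() {
    awk -v kind="$2" '
        /^[ \t]*[#;]/ { next }                      # smb.conf comment lines
        {
            line = tolower($0)
            if (line ~ ("^[ \t]*idmap[ \t]+" kind "[ \t]*=")) {
                sub(/^[^=]*=[ \t]*/, "", line)      # keep the value only
                split(line, r, "-")
                print r[1] + 0, r[2] + 0
            }
        }' "$1"
}

# id_collisions DB_FILE LOW HIGH
# DB_FILE uses the passwd(5)/group(5) layout name:x:ID:...  Prints "name:ID".
id_collisions() {
    awk -F: -v lo="$2" -v hi="$3" '
        BEGIN { if (lo == "" || hi == "") exit }    # no range configured
        /^[#+-]/ || NF < 3 { next }                 # comments, compat +/- entries
        $3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }
    ' "$1"
}

# check_overlap SMB_CONF PASSWD_FILE GROUP_FILE
# Prints "passwd name:ID" or "group name:ID" per collision; status 1 if any.
check_overlap() {
    out=$(
        id_collisions "$2" $(idmap_range "$1" uid) | sed 's/^/passwd /'
        id_collisions "$3" $(idmap_range "$1" gid) | sed 's/^/group /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample files mirroring the numbers quoted in the message.
OVL_TMP=$(mktemp -d)
trap 'rm -rf "$OVL_TMP"' EXIT
printf '[global]\n  idmap uid = 1000-10000\n  idmap gid = 1000-10000\n' > "$OVL_TMP/smb_old.conf"
printf '[global]\n  idmap uid = 1010-10000\n  idmap gid = 1010-10000\n' > "$OVL_TMP/smb_new.conf"
printf 'root:x:0:0:root:/root:/bin/bash\nlocaluser:x:1001:100::/home/localuser:/bin/bash\n' > "$OVL_TMP/passwd"
printf 'root:x:0:root\nusers:x:100:\n' > "$OVL_TMP/group"

check_overlap "$OVL_TMP/smb_old.conf" "$OVL_TMP/passwd" "$OVL_TMP/group" || echo "old range overlaps local IDs"
check_overlap "$OVL_TMP/smb_new.conf" "$OVL_TMP/passwd" "$OVL_TMP/group" && echo "new range is clear"
```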
* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-30 11:07 UTC
To: gentoo-user; +Cc: vladimir
On Sun, 29 Jul 2007 13:25:50 +0400
"Vladimir Rusinov" <vladimir@greenmice.info> wrote:
> On 7/27/07, Stroller <stroller@stellar.eclipse.co.uk> wrote:
> >
> > > I have not done anything with my PAM files yet but I think this
> > > step should work anyway!(?)
> >
> > I have found `getent passwd` and `getent group` not to work entirely
> > as expected.
>
> > EG:
> > $ getent group | grep -i dave
> > domain users:x:10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobile user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup user,ned,usertemplate-lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne,anne.h,gillian,maintenance,gail
> > $ getent passwd | grep -i dave
>
>
> I had a similar problem.
> I had winbind uid range 1000-10000, and I had real user with uid 1001.
> Solution was to set uid range to 1010-10000.
>
> > My advice is to move on to the next step (PAM) & see what happens. I
> > have always worked off the "Testing Things Out" section of Chapter
> > 24 of the Samba manual, "Winbind: Use of Domain Accounts"
> > <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html>
> > and have always found following it to work perfectly, but winbind
> > doesn't seem well-documented elsewhere or by 3rd parties.
> >
>
> Also, try to add winbind everywhere at nsswitch.
> I can't reach my config now, but I'm sure I have more than 2 winbind
> lines at nsswitch.conf.
>
> PS: sorry for my English.
>
Hi,
I have the rid set to 10000-20000 and I have no local users in that
range!
I can chown and chgrp but getent is still not working...
However, I did add the winbind to the system-auth like this:
auth required pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient pam_unix.so use_first_pass likeauth nullok
account required pam_unix.so
password sufficient pam_winbind.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
Now I can ssh to the box but as soon as I am logged on I'm kicked
off!
Any ideas?
\\anders
PS. Don't forget...I'm new to Gentoo:-)
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
* Re: [gentoo-user] Winbind...
From: Stroller @ 2007-07-30 13:17 UTC
To: gentoo-user; +Cc: vladimir
On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> ...
> However, I did add the winbind to the system-auth like this:
> auth required pam_env.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient pam_unix.so use_first_pass likeauth nullok
>
> account required pam_unix.so
>
> password sufficient pam_winbind.so
> password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> password sufficient pam_unix.so nullok md5 shadow use_authtok
> password required pam_deny.so
>
> session required pam_limits.so
> session required pam_unix.so
>
>
> Now I can ssh to the box but as soon as I am logged on I'm kicked
> off!
Do the winbind users have a shell & homedir?
I'm afraid I can't recall how the shell is defined for them, but I
use pam_mkhomedir for the latter. I have always used courier-imap at
home, but it doesn't use a pam session, required for pam_mkhomedir,
so chose Dovecot IMAP for this office. I'm pretty sure that ssh works
fine with pam_mkhomedir, tho'.
Stroller.
* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-30 13:44 UTC
To: gentoo-user
On Mon, 30 Jul 2007 14:17:37 +0100
Stroller <stroller@stellar.eclipse.co.uk> wrote:
>
> On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > ...
> > However, I did add the winbind to the system-auth like this:
> > auth required pam_env.so
> > auth sufficient /lib/security/pam_winbind.so
> > auth sufficient pam_unix.so use_first_pass likeauth nullok
> >
> > account required pam_unix.so
> >
> > password sufficient pam_winbind.so
> > password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> > password sufficient pam_unix.so nullok md5 shadow use_authtok
> > password required pam_deny.so
> >
> > session required pam_limits.so
> > session required pam_unix.so
> >
> >
> > Now I can ssh to the box but as soon as I am logged on I'm kicked
> > off!
>
> Do the winbind users have a shell & homedir?
>
> I'm afraid I can't recall how the shell is defined for them, but I
> use pam_mkhomedir for the latter. I have always used courier-imap at
> home, but it doesn't use a pam session, required for pam_mkhomedir,
> so chose Dovecot IMAP for this office. I'm pretty sure that ssh
> works fine with pam_mkhomedir, tho'.
>
> Stroller.
>
Yes, they have home folders. I think that you set the shell with
"template shell" in smb.conf!(?)
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-31 5:44 UTC
To: gentoo-user
On Mon, 30 Jul 2007 15:44:14 +0200
Anders Trobäck <public@troback.com> wrote:
> On Mon, 30 Jul 2007 14:17:37 +0100
> Stroller <stroller@stellar.eclipse.co.uk> wrote:
>
> >
> > On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > > ...
> > > However, I did add the winbind to the system-auth like this:
> > > auth required pam_env.so
> > > auth sufficient /lib/security/pam_winbind.so
> > > auth sufficient pam_unix.so use_first_pass likeauth nullok
> > >
> > > account required pam_unix.so
> > >
> > > password sufficient pam_winbind.so
> > > password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> > > password sufficient pam_unix.so nullok md5 shadow use_authtok
> > > password required pam_deny.so
> > >
> > > session required pam_limits.so
> > > session required pam_unix.so
> > >
> > >
> > > Now I can ssh to the box but as soon as I am logged on I'm
> > > kicked off!
> >
> > Do the winbind users have a shell & homedir?
> >
> > I'm afraid I can't recall how the shell is defined for them, but I
> > use pam_mkhomedir for the latter. I have always used courier-imap
> > at home, but it doesn't use a pam session, required for
> > pam_mkhomedir, so chose Dovecot IMAP for this office. I'm pretty
> > sure that ssh works fine with pam_mkhomedir, tho'.
> >
> > Stroller.
> >
>
> Yes, they have home folders. I think that you set the shell with
> "template shell" in smb.conf!(?)
>
Now it's working! It was file permissions, the home folder was set to
770 but if I chmod to 750 it worked!
Thanks for your time!!!
\\troback
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-31 11:37 UTC
To: gentoo-user
On Tue, 31 Jul 2007 07:44:38 +0200
Anders Trobäck <public@troback.com> wrote:
> On Mon, 30 Jul 2007 15:44:14 +0200
> Anders Trobäck <public@troback.com> wrote:
>
> > On Mon, 30 Jul 2007 14:17:37 +0100
> > Stroller <stroller@stellar.eclipse.co.uk> wrote:
> >
> > >
> > > On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > > > ...
> > > > However, I did add the winbind to the system-auth like this:
> > > > auth required pam_env.so
> > > > auth sufficient /lib/security/pam_winbind.so
> > > > auth sufficient pam_unix.so use_first_pass likeauth nullok
> > > >
> > > > account required pam_unix.so
> > > >
> > > > password sufficient pam_winbind.so
> > > > password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> > > > password sufficient pam_unix.so nullok md5 shadow use_authtok
> > > > password required pam_deny.so
> > > >
> > > > session required pam_limits.so
> > > > session required pam_unix.so
> > > >
> > > >
> > > > Now I can ssh to the box but as soon as I am logged on I'm
> > > > kicked off!
> > >
> > > Do the winbind users have a shell & homedir?
> > >
> > > I'm afraid I can't recall how the shell is defined for them, but
> > > I use pam_mkhomedir for the latter. I have always used
> > > courier-imap at home, but it doesn't use a pam session, required
> > > for pam_mkhomedir, so chose Dovecot IMAP for this office. I'm
> > > pretty sure that ssh works fine with pam_mkhomedir, tho'.
> > >
> > > Stroller.
> > >
> >
> > Yes, they have home folders. I think that you set the shell with
> > "template shell" in smb.conf!(?)
> >
>
> Now it's working! It was file permissions, the home folder was set to
> 770 but if I chmod to 750 it worked!
>
> Thanks for your time!!!
>
>
> \\troback
>
Hmmm...spoke too early:-]
Well I can logon but if I enter a blank/wrong password I can logon
anyway!
Here is my /etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass likeauth nullok
account required pam_unix.so
account sufficient pam_winbind.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_winbind.so
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
--
============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
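
PAM ignores the failure of a `sufficient` module, so in the `auth` stack posted above no line records a rejected password; whether the login is refused then depends on what the remaining modules return, which is why `auth` stacks built from `sufficient` modules conventionally end with `required pam_deny.so`. The check below is an added example, not part of the original message. The function name and the `with_deny` comparison file are constructed, and bracketed controls such as `[success=1 ...]` and `include` lines are not interpreted.

```sh
#!/bin/sh
# Added example, not from the thread. Reads a /etc/pam.d style file
# (columns: type control module [args]) and reports two properties of
# its auth stack.

# pam_auth_findings PAM_FILE
# Prints one line per finding; prints nothing when neither applies.
pam_auth_findings() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { kind = $1; sub(/^-/, "", kind) }          # "-auth" means optional module file
        kind != "auth" { next }
        {
            mod = $3; sub(/.*\//, "", mod)          # drop a /lib/security/ prefix
            if ($2 == "sufficient") { falls = 1; lastmod = mod }
            else if ($2 == "required" || $2 == "requisite") falls = 0
            if (mod == "pam_unix.so")
                for (i = 4; i <= NF; i++)
                    if ($i == "nullok")
                        print "nullok: pam_unix.so permits accounts whose password is blank"
        }
        END {
            if (falls)
                print "fallthrough: no required/requisite module after sufficient " lastmod
        }' "$1"
}

PAM_TMP=$(mktemp -d)
trap 'rm -rf "$PAM_TMP"' EXIT

# The stack as posted in the message above.
cat > "$PAM_TMP/posted" <<'EOF'
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass likeauth nullok
account required pam_unix.so
account sufficient pam_winbind.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_winbind.so
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
EOF

# Constructed comparison: same auth stack without nullok, ending in an explicit deny.
cat > "$PAM_TMP/with_deny" <<'EOF'
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass likeauth
auth required pam_deny.so
EOF

echo "posted:";    pam_auth_findings "$PAM_TMP/posted"
echo "with_deny:"; pam_auth_findings "$PAM_TMP/with_deny"
```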