public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-27  8:12 UTC
  To: Gentoo Lists

Hi,

new to this list and Gentoo, keep that in mind:-)

I'm trying to set up winbind on a Gentoo box but I can't get it to work!

I have joined the domain and I have added winbind
to /etc/nsswitch.conf.  "wbinfo -u" and  "wbinfo -g" are working but
"getent passwd" and "getent group" only list the local accounts and
groups!

I have not done anything with my PAM files yet but I think this
step should work anyway!(?)

Any ideas out there?

Thanks!!!

-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
--
gentoo-user@gentoo.org mailing list



* Re: [gentoo-user] Winbind...
From: Vladimir Rusinov @ 2007-07-27 12:02 UTC
  To: gentoo-user

On 7/27/07, Anders Trobäck <public@troback.com> wrote:
>
> I'm trying to set up winbind on a Gentoo box but I can't get it to work!
>
> I have joined the domain and I have added winbind
> to /etc/nsswitch.conf.  "wbinfo -u" and  "wbinfo -g" are working but
> "getent passwd" and "getent group" only list the local accounts and
> groups!


cat /etc/nsswitch.conf

> I have not done anything with my PAM files yet but I think this
> step should work anyway!(?)


Yes. This step should work without pam.


-- 
Vladimir Rusinov
GreenMice Solutions: Linux-based IT solutions
http://greenmice.info/

* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-27 12:12 UTC
  To: gentoo-user

On Fri, 27 Jul 2007 16:02:46 +0400
"Vladimir Rusinov" <vladimir@greenmice.info> wrote:

> On 7/27/07, Anders Trobäck <public@troback.com> wrote:
> >
> > I'm trying to set up winbind on a Gentoo box but I can't get it to
> > work!
> >
> > I have joined the domain and I have added winbind
> > to /etc/nsswitch.conf.  "wbinfo -u" and  "wbinfo -g" are working but
> > "getent passwd" and "getent group" only list the local accounts and
> > groups!
> 
> 
> cat /etc/nsswitch.conf
> 
> > I have not done anything with my PAM files yet but I think this
> > step should work anyway!(?)
> 
> 
> Yes. This step should work without pam.
> 
> 

cat /etc/nsswitch.conf:

passwd:      compat winbind
shadow:      compat
group:       compat winbind

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files


-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com



* Re: [gentoo-user] Winbind...
From: Stroller @ 2007-07-27 13:38 UTC
  To: gentoo-user


On 27 Jul 2007, at 09:12, Anders Trobäck wrote:
> ...
> I'm trying to set up winbind on a Gentoo box but I can't get it to  
> work!
>
> I have joined the domain and I have added winbind
> to /etc/nsswitch.conf.  "wbinfo -u" and  "wbinfo -g" are working but
> "getent passwd" and "getent group" only list the local accounts and
> groups!
>
> I have not done anything with my PAM files yet but I think this
> step should work anyway!(?)

I have found `getent passwd` and `getent group` not to work entirely  
as expected.

EG:
$ getent group | grep -i dave
domain users:x:10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobile user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup user,ned,usertemplate-lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne,anne.h,gillian,maintenance,gail
$ getent passwd  | grep -i dave
$

This is on a mail server which has been running perfectly on the  
Windows domain for 18 months. Users are added on the Windows 2003  
server & can then get their mail from the mailserver running on the  
above Linux host. It seems necessary to restart Samba on the Linux  
box after adding a user on the Windows server, but I can assure you  
that Dave has been getting his mail quite happily ever since the  
system was set up.

My advice is to move on to the next step (PAM) & see what happens. I
have always worked off the "Testing Things Out" section of Chapter 24
of the Samba manual, "Winbind: Use of Domain Accounts"
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html>
and have always found following it to work perfectly, but winbind doesn't
seem well-documented elsewhere or by 3rd parties.

Stroller.

* Re: [gentoo-user] Winbind...
From: Vladimir Rusinov @ 2007-07-29  9:25 UTC
  To: gentoo-user

On 7/27/07, Stroller <stroller@stellar.eclipse.co.uk> wrote:
>
> > I have not done anything with my PAM files yet but I think this
> > step should work anyway!(?)
>
> I have found `getent passwd` and `getent group` not to work entirely
> as expected.

> EG:
> $ getent group | grep -i dave
> domain users:x:
> 10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobi
> le user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup
> user,ned,usertemplate-
> lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne
> ,anne.h,gillian,maintenance,gail
> $ getent passwd  | grep -i dave


I had a similar problem.
I had winbind uid range 1000-10000, and I had real user with uid 1001.
Solution was to set uid range to 1010-10000.

> My advice is to move on to the next step (PAM) & see what happens. I
> have always worked off the "Testing Things Out" section of Chapter 24
> of the Samba manual, "Winbind: Use of Domain Accounts" <http://
> www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html> and
> have always found following it to work perfectly, but winbind doesn't
> seem well-documented elsewhere or by 3rd parties.
>

Also, try to add winbind everywhere at nsswitch.
I can't reach my config now, but I'm sure I have more than 2 winbind lines at
nsswitch.conf.

PS: sorry for my English.

-- 
Vladimir Rusinov
GreenMice Solutions: Linux-based IT solutions
http://greenmice.info/

* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-30 11:07 UTC
  To: gentoo-user; +Cc: vladimir

On Sun, 29 Jul 2007 13:25:50 +0400
"Vladimir Rusinov" <vladimir@greenmice.info> wrote:

> On 7/27/07, Stroller <stroller@stellar.eclipse.co.uk> wrote:
> >
> > > I have not done anything with my PAM files yet but I think this
> > > step should work anyway!(?)
> >
> > I have found `getent passwd` and `getent group` not to work entirely
> > as expected.
> 
> > EG:
> > $ getent group | grep -i dave
> > domain users:x:
> > 10000:administrator,support_399845a0,krbtgt,iusr_bodmin,iwam_bodmin,mobi
> > le user tmpl,user tmpl,power user tmpl,administrator tmpl,sbs backup
> > user,ned,usertemplate-
> > lanesre,evelyn,tim,charlotte,dave,mandi,kim,vebra,deanne,alex,laura,anne
> > ,anne.h,gillian,maintenance,gail
> > $ getent passwd  | grep -i dave
> 
> 
> I had the simular problem.
> I had winbind uid range 1000-10000, and I had real user with uid 1001.
> Solution was to set uid range to 1010-10000.
> 
> > My advice is to move on to the next step (PAM) & see what happens. I
> > have always worked off the "Testing Things Out" section of Chapter
> > 24 of the Samba manual, "Winbind: Use of Domain Accounts" <http://
> > www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html>
> > and have always found following it to work perfectly, but winbind
> > doesn't seem well-documented elsewhere or by 3rd parties.
> >
> 
> Also, try to add winbind everywhere at nsswitch.
> I can't reach my config now, but I'm sure I have more the 2 winbind
> lines at nsswitch.conf.
> 
> PS: sorry for my English.
> 

Hi,

I have the rid set to 10000-20000 and I have no local users in that
range!

I can chown and chgrp but getent is still not working...

However, I did add the winbind to the system-auth like this:
auth       required     pam_env.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok

account    required     pam_unix.so

password sufficient     pam_winbind.so
password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient  pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so


Now I can ssh to the box but as soon as I am logged on I'm kicked
off!

Any ideas?


\\anders


PS. Don't forget...I'm new to Gentoo:-) 

-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com



* Re: [gentoo-user] Winbind...
From: Stroller @ 2007-07-30 13:17 UTC
  To: gentoo-user; +Cc: vladimir


On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> ...
> However, I did add the winbind to the system-auth like this:
> auth       required     pam_env.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       sufficient   pam_unix.so use_first_pass likeauth nullok
>
> account    required     pam_unix.so
>
> password sufficient     pam_winbind.so
> password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2
> ocredit=2 retry=3
> password sufficient  pam_unix.so nullok md5 shadow use_authtok
> password   required     pam_deny.so
>
> session    required     pam_limits.so
> session    required     pam_unix.so
>
>
> Now I can ssh to the box but I as soon as I are logged on I'm kicked
> off!

Do the winbind users have a shell & homedir?

I'm afraid I can't recall how the shell is defined for them, but I  
use pam_mkhomedir for the latter. I have always used courier-imap at  
home, but it doesn't use a pam session, required for pam_mkhomedir,  
so chose Dovecot IMAP for this office. I'm pretty sure that ssh works  
fine with pam_mkhomedir, tho'.

Stroller.




* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-30 13:44 UTC
  To: gentoo-user

On Mon, 30 Jul 2007 14:17:37 +0100
Stroller <stroller@stellar.eclipse.co.uk> wrote:

> 
> On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > ...
> > However, I did add the winbind to the system-auth like this:
> > auth       required     pam_env.so
> > auth       sufficient   /lib/security/pam_winbind.so
> > auth       sufficient   pam_unix.so use_first_pass likeauth nullok
> >
> > account    required     pam_unix.so
> >
> > password sufficient     pam_winbind.so
> > password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2
> > ocredit=2 retry=3
> > password sufficient  pam_unix.so nullok md5 shadow use_authtok
> > password   required     pam_deny.so
> >
> > session    required     pam_limits.so
> > session    required     pam_unix.so
> >
> >
> > Now I can ssh to the box but I as soon as I are logged on I'm kicked
> > off!
> 
> Do the winbind users have a shell & homedir?
> 
> I'm afraid I can't recall how the shell is defined for them, but I  
> use pam_mkhomedir for the latter. I have always used courier-imap at  
> home, but it doesn't use a pam session, required for pam_mkhomedir,  
> so chose Dovecot IMAP for this office. I'm pretty sure that ssh
> works fine with pam_mkhomedir, tho'.
> 
> Stroller.
> 

Yes, they have home folders. I think that you set the shell with
"template shell" in smb.conf!(?)

-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com



* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-31  5:44 UTC
  To: gentoo-user

On Mon, 30 Jul 2007 15:44:14 +0200
Anders Trobäck <public@troback.com> wrote:

> On Mon, 30 Jul 2007 14:17:37 +0100
> Stroller <stroller@stellar.eclipse.co.uk> wrote:
> 
> > 
> > On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > > ...
> > > However, I did add the winbind to the system-auth like this:
> > > auth       required     pam_env.so
> > > auth       sufficient   /lib/security/pam_winbind.so
> > > auth       sufficient   pam_unix.so use_first_pass likeauth nullok
> > >
> > > account    required     pam_unix.so
> > >
> > > password sufficient     pam_winbind.so
> > > password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2
> > > ocredit=2 retry=3
> > > password sufficient  pam_unix.so nullok md5 shadow use_authtok
> > > password   required     pam_deny.so
> > >
> > > session    required     pam_limits.so
> > > session    required     pam_unix.so
> > >
> > >
> > > Now I can ssh to the box but I as soon as I are logged on I'm
> > > kicked off!
> > 
> > Do the winbind users have a shell & homedir?
> > 
> > I'm afraid I can't recall how the shell is defined for them, but I  
> > use pam_mkhomedir for the latter. I have always used courier-imap
> > at home, but it doesn't use a pam session, required for
> > pam_mkhomedir, so chose Dovecot IMAP for this office. I'm pretty
> > sure that ssh works fine with pam_mkhomedir, tho'.
> > 
> > Stroller.
> > 
> 
> Yes the have home folders. I think that you set the shell with
> "template shell" in smb.conf!(?)
> 

Now it's working! It was file permissions, the home folder was set to
770 but if I chmod to 750 it worked!

Thanks for your time!!!


\\troback

-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com



* Re: [gentoo-user] Winbind...
From: Anders Trobäck @ 2007-07-31 11:37 UTC
  To: gentoo-user

On Tue, 31 Jul 2007 07:44:38 +0200
Anders Trobäck <public@troback.com> wrote:

> On Mon, 30 Jul 2007 15:44:14 +0200
> Anders Trobäck <public@troback.com> wrote:
> 
> > On Mon, 30 Jul 2007 14:17:37 +0100
> > Stroller <stroller@stellar.eclipse.co.uk> wrote:
> > 
> > > 
> > > On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > > > ...
> > > > However, I did add the winbind to the system-auth like this:
> > > > auth       required     pam_env.so
> > > > auth       sufficient   /lib/security/pam_winbind.so
> > > > auth       sufficient   pam_unix.so use_first_pass likeauth
> > > > nullok
> > > >
> > > > account    required     pam_unix.so
> > > >
> > > > password sufficient     pam_winbind.so
> > > > password   required     pam_cracklib.so difok=2 minlen=8
> > > > dcredit=2 ocredit=2 retry=3
> > > > password sufficient  pam_unix.so nullok md5 shadow use_authtok
> > > > password   required     pam_deny.so
> > > >
> > > > session    required     pam_limits.so
> > > > session    required     pam_unix.so
> > > >
> > > >
> > > > Now I can ssh to the box but I as soon as I are logged on I'm
> > > > kicked off!
> > > 
> > > Do the winbind users have a shell & homedir?
> > > 
> > > I'm afraid I can't recall how the shell is defined for them, but
> > > I use pam_mkhomedir for the latter. I have always used
> > > courier-imap at home, but it doesn't use a pam session, required
> > > for pam_mkhomedir, so chose Dovecot IMAP for this office. I'm
> > > pretty sure that ssh works fine with pam_mkhomedir, tho'.
> > > 
> > > Stroller.
> > > 
> > 
> > Yes the have home folders. I think that you set the shell with
> > "template shell" in smb.conf!(?)
> > 
> 
> Now it's working! It was file permissions, the home folder was set to
> 770 but if I chmod to 750 it worked!
> 
> Thanks for your time!!!
> 
> 
> \\troback
> 

Hmmm...spoke too early:-]

Well I can logon but if I enter a blank/wrong password I can logon
anyway!

Here is my /etc/pam.d/system-auth

auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok

account    required     pam_unix.so
account    sufficient   pam_winbind.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_winbind.so
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so


-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
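
An added example, not part of the thread: the `auth` section in the last message has no terminating `pam_deny.so` line, so once both `sufficient` modules reject a password the result rests entirely on what the `required` `pam_env.so` line returns. The Python sketch below is a simplified model of the control flags documented in pam.conf(5); the function names, the `HARDENED_AUTH` variant and the per-module results are constructed for illustration, and no real PAM module is called.

```python
# Added example: simplified model of the control flags in pam.conf(5).
# Module results are constructed inputs; no real PAM module is called.

POSTED_AUTH = """\
auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok
"""
# Same stack with an explicit terminator after the sufficient modules
# (hypothetical variant, not from the thread).
HARDENED_AUTH = POSTED_AUTH + "auth       required     pam_deny.so\n"


def parse_stack(text, group="auth"):
    """Return [(control, module)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == group:
            control, module = fields[1], fields[2].rsplit("/", 1)[-1]
            if control not in ("required", "requisite", "sufficient", "optional"):
                raise ValueError("unsupported control: " + control)
            stack.append((control, module))
    return stack


def evaluate(stack, results):
    """True if the stack grants. results: module -> success|failure|ignore."""
    failed = granted = False
    for control, module in stack:
        result = "failure" if module == "pam_deny.so" else results.get(module, "failure")
        if result == "ignore":
            continue                      # contributes nothing either way
        if result == "success":
            if control == "sufficient" and not failed:
                return True               # short-circuit: rest of stack is skipped
            granted = True
        elif control == "requisite":
            return False                  # fail immediately
        elif control == "required":
            failed = True                 # fail, but keep running the stack
        # a failing sufficient/optional module is ignored
    return granted and not failed


def bad_password_accepted(stack_text, env_result):
    """Both password-checking modules reject; only pam_env's result varies."""
    results = {"pam_env.so": env_result,
               "pam_winbind.so": "failure", "pam_unix.so": "failure"}
    return evaluate(parse_stack(stack_text), results)


if __name__ == "__main__":
    for name, text in (("posted", POSTED_AUTH), ("hardened", HARDENED_AUTH)):
        for env in ("success", "ignore"):
            print(name, "pam_env=" + env, "-> bad password accepted:",
                  bad_password_accepted(text, env))
```

With the terminator in place a wrong password is refused whatever `pam_env.so` returns, while a successful `sufficient` module still short-circuits before `pam_deny.so` is reached.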