
Re: an old message in debian-user



Yuri wrote:

Hi! I've read your message (2002-09-02) about "Samba, PAM, Authentication off an NT Domain".
I've just found this solution and it works. Now I'm installing
woody (dual boot) on all the PCs at my university! :)


Download the samba2.2.6 source and compile it. It's easy; read the README.

/etc/samba/smb.conf:

[global]
       workgroup = YOURDOMAIN
       server string = Samba Server %v
       security = domain
       encrypt passwords = Yes
       password server = *
       log file = /var/log/samba/log.%m
       max log size = 50
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       character set = ISO8859-15
       os level = 18
       local master = No
       dns proxy = No
       winbind uid = 10000-20000
       winbind gid = 10000-20000
       winbind separator = +
       template homedir = /home/%D/%U
       template shell = /bin/bash
       winbind use default domain = yes



/etc/pam.d/login:

auth    sufficient      pam_winbind.so
auth    sufficient      pam_unix.so use_first_pass
account sufficient      pam_winbind.so
account sufficient      pam_unix.so
session   required   /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022



/etc/pam.d/xlock:

auth    sufficient      pam_winbind.so
auth    sufficient      pam_unix.so use_first_pass
account sufficient      pam_winbind.so
account sufficient      pam_unix.so


/etc/nsswitch.conf:

passwd:     files winbind nisplus nis
shadow:     files nisplus nis
group:      files winbind nisplus nis

hosts:          files wins nisplus nis dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
hosts:      files dns



restart samba winbind...
and join the domain
smbpasswd -j <DOMAIN> -r <DOMAIN_CONTROLLER> -U <DOMAIN_ADMIN>


That's all! Bye!



I'm CC'ing this to the list, for posterity.

Yuri:

I _very_ much appreciate your response. However, I still have no joy. (Of course, I haven't followed your instructions exactly, so that could be my problem.)

Rather than downloading/compiling samba2.2.6, I just did an "apt-get install samba" from unstable. I now have at least samba, samba-common, and samba-client on the box (some from earlier attempts at this). "smbd -V" reports this version to be "2.999+3.0.alpha20-4 for Debian". Since the 3.0 is pretty much a rewrite, perhaps something has broken between here and there.

Here's the global section of my /etc/samba/smb.conf:

[global]
  workgroup = ACU
  server string = %h server (Samba %v)
  security = domain
  encrypt passwords = true
  password server = *
  log file = /var/log/samba/log.%m
  max log size = 50
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  os level = 18
  local master = No
  dns proxy = no
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  template shell = /bin/bash
  winbind separator = +
  template homedir = /home/%D/%U
  winbind use default domain = yes


and my /etc/pam.d/login:

auth	sufficient	pam_winbind.so
auth	sufficient	pam_unix.so	use_first_pass
account	sufficient	pam_winbind.so
account	sufficient	pam_unix.so
session	required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022

and my /etc/pam.d/xlock:

auth	sufficient	pam_winbind.so
auth	sufficient	pam_unix.so	use_first_pass
account	sufficient	pam_winbind.so
account	sufficient	pam_unix.so


and my /etc/nsswitch.conf:

passwd:	files	winbind
group:	files	winbind
shadow:	files	winbind


hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

I restarted /etc/init.d/samba and /etc/init.d/winbind, and then the "smbpasswd" command as you gave produced an error to use a different command. So I did "net rpc join -U <DOMAIN_ADMIN>", which produced this:

[2002/12/09 21:56:24, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(303)
 cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2002/12/09 21:56:24, 1] libsmb/trust_passwd.c:just_change_the_password(44)
 just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2002/12/09 21:56:24, 1] utils/net_rpc.c:run_rpc_command(156)
 rpc command function failed! (NT_STATUS_ACCESS_DENIED)

Password: (I put in my domain password here)
Joined domain ACU.



The "getent passwd" and "getent group" commands show me username and group names in the ACU domain. However, when I switch over to a second virtual terminal and try to log in, I get "Login incorrect". I've tried logging in as "ACU+snert" (snert is a legitimate user on the ACU domain), as "snert", and as "westk" (westk is a local account on the box, and it now fails also, so I better not have a power outage between now and when I get this fixed - doh!).

Anyone know where my problem might lie?

Thanks!

Kent


ACU+westk
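
An added example, not part of either message: a small checker run over the /etc/pam.d/login stack posted above. It reports facilities made up only of `sufficient` entries, modules using `use_first_pass` (which depend on an earlier module having collected the password), and facilities with no entries at all; the issue names and function names are this example's own.

```python
import re

# Constructed sample: the /etc/pam.d/login stack as posted in this thread.
LOGIN_STACK = """\
auth    sufficient  pam_winbind.so
auth    sufficient  pam_unix.so use_first_pass
account sufficient  pam_winbind.so
account sufficient  pam_unix.so
session required    /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
"""

FACILITIES = ("auth", "account", "password", "session")
# facility, control (plain keyword or [bracketed list]), module, arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return {facility: [(control, module, [args]), ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:  # blank lines, comments and @include directives do not match
            facility, control, module, args = m.groups()
            stacks.setdefault(facility, []).append((control, module, args.split()))
    return stacks

def audit(text):
    """Return (facility, issue, detail) tuples; issue names are this example's own."""
    stacks, findings = parse_stack(text), []
    for facility in FACILITIES:
        entries = stacks.get(facility, [])
        if not entries:
            # Linux-PAM then uses the "other" service's entries for this facility.
            findings.append((facility, "missing-facility", "falls back to 'other'"))
            continue
        if all(control == "sufficient" for control, _, _ in entries):
            # No required/requisite module (e.g. a final pam_deny.so) ends the stack.
            findings.append((facility, "only-sufficient", "no explicit deny"))
        for i, (_, module, args) in enumerate(entries):
            if "use_first_pass" in args:
                # The module never prompts; it needs a password stored by an
                # earlier module in the same stack.
                earlier = entries[i - 1][1] if i else "nothing"
                findings.append((facility, "needs-earlier-prompt",
                                 f"{module} relies on {earlier}"))
    return findings

if __name__ == "__main__":
    for finding in audit(LOGIN_STACK):
        print(*finding, sep=": ")
```

The detail for `needs-earlier-prompt` names the entry immediately before the flagged module; any earlier module in the same stack that stores the password would satisfy it.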


