
RE: Windows Domain Authentication



> > Is anybody using the Windows Domain Authentication for his Debian 
> > Machine?
> > 
> > I had it once working, but since I reinstalled the system, I can't get
> > it to work.
> > wbinfo -u
> > and
> > kinit <username>
> > works without errors, so I think krb5.conf and smb.conf are correct.
> > 
> > However, I cannot log in with the Windows domain accounts, so I guess
> > pam.d must be misconfigured.
> > But I chose the same configuration as the last time:
> > 
> > /etc/pam.d/common-account:
> > ----
> > account required /lib/security/pam_winbind.so
> > ----
> > 
> > /etc/pam.d/common-auth
> > ----
> > auth sufficient pam_winbind.so
> > auth required pam_unix.so nullok_secure use_first_pass
> > ----
> > 
> > /etc/pam.d/common-password
> > ----
> > password   required   pam_unix.so nullok obscure min=4 max=50 md5
> > ----
> > 
> > /etc/pam.d/common-session
> > ----
> > session required pam_unix.so
> > session optional pam_mkhomedir.so umask=0077 skel=/etc/skel/
> > ----
> > 
> > /etc/pam.d/login
> > ----
> > auth       requisite  pam_securetty.so
> > 
> > auth       requisite  pam_nologin.so
> > 
> > auth       required   pam_env.so
> > 
> > @include common-auth
> > @include common-account
> > @include common-session
> > 
> > session    required   pam_limits.so
> > session    optional   pam_lastlog.so
> > session    optional   pam_motd.so
> > 
> > session    optional   pam_mail.so standard noenv
> > @include common-password
> > ----
> > 
> 
> What server OS? NT4? 2000? 2003?
> 
> I have a debian X terminal server authenticating from an NT domain.
> 
> Do you have the default domain for winbind set in smb.conf
> (use default domain) or are you remembering to enter your
> username as domain\username...?

The server OS is 2003.
I should be able to make an ssh session and a local console login with
just the Windows Domain user name.
At least, that was possible with my old setup. 
I did not even have to change /etc/pam.d/ssh, since it includes
common-auth, common-account and common-session.
I don't have an X-Server installed.

My smb.conf looks like this:
---
[global]
    netbios name = bilinux2
    #workgroup = WICRESOFT
    realm = WICRESOFT.COM
    security = ads
    password server = ws-dc-01 ws-dc-02
    encrypt passwords = yes
    windind use default domain = yes

    winbind separator = \\
    idmap uid = 1000-2000
    idmap gid = 1000-2000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = home/winnt/%U
    template shell = /bin/bash

[public]
    path = /var/winnt
    writeable = yes
    locking = no
---
testparm complains, since it does not recognize the '\\' escaping, but
the last time I figured out that shared folders only work with this
separator.
I guess the configuration should be ok, since 'wbinfo -u' works.

/etc/nsswitch.conf looks like this:
---
passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind

hosts:          files dns wins
networks:       files dns

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
---
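
A minimal check for the smb.conf posted above, added here as an example and not part of the original message: Samba ignores parameter names it does not recognise, so a misspelled key such as the `windind use default domain` line leaves the real setting at its default. The short `KNOWN` list (only the parameters seen in this thread), the function names and the constructed `SAMPLE` are assumptions of the example.

```python
import difflib

# Parameter names used in this thread, spelled as Samba documents them.
# Assumption: a deliberately short list, not Samba's full parameter table.
KNOWN = [
    "netbios name", "workgroup", "realm", "security", "password server",
    "encrypt passwords", "winbind use default domain", "winbind separator",
    "idmap uid", "idmap gid", "winbind enum users", "winbind enum groups",
    "template homedir", "template shell", "path", "writeable", "locking",
]

def squash(name):
    """Samba matches parameter names ignoring case and embedded spaces."""
    return "".join(name.lower().split())

CANON = {squash(k): k for k in KNOWN}

# Constructed sample: a subset of the [global] section as posted above.
SAMPLE = r"""[global]
    security = ads
    #workgroup = WICRESOFT
    windind use default domain = yes
    winbind separator = \\
    template homedir = home/winnt/%U
    template shell = /bin/bash
"""

def lint(text):
    """Return (line, issue, parameter, detail) tuples for an smb.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header, or not key = value
        name, value = (part.strip() for part in line.split("=", 1))
        key = squash(name)
        if key not in CANON:
            # Unknown key: suggest the closest known spelling, if any.
            near = difflib.get_close_matches(key, list(CANON), n=1, cutoff=0.8)
            hint = CANON[near[0]] if near else None
            findings.append((lineno, "unknown-parameter", name, hint))
        elif CANON[key] == "template homedir" and not value.startswith("/"):
            # A home directory template should be an absolute path.
            findings.append((lineno, "relative-homedir", name, value))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```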


