[K12OSN] winbind--Using NT Domain Accounts on Clients

cliebow at downeast.net cliebow at downeast.net
Sat Aug 7 17:39:48 UTC 2004 

thi si in rc.local so services start upin order
#!/bin/sh
smbpasswd -j ELLSWORTH -r DC2 -U administrator%NTpassword
service smb start
service winbind start
touch /var/lock/subsys/local
chmod 744 /etc/samba/smb.conf

this is in nsswitch.conf so at low level redhat looksforauth in right places
passwd:     files winbind nisplus 
shadow:     files winbind nisplus 
group:      files winbind nisplus 

This is pam.d/system-auth so pam module does authentication

auth        required      /lib/security/pam_env.so
######working til this added
#auth	required	/lib/security/pam_mount.so
#####################################
auth        sufficient    /lib/security/pam_winbind.so use_first_pass
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth        required      /lib/security/pam_deny.so
account     required     /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
#killsitsession     required      /lib/security/pam_mount.so use_first_pass 


this is smb.conf or at least relevant piece of it
[global]
	log file = /var/log/samba/%m.log
	passwd chat = *New*password*Dude* %n/n *Retype*new*passord* 5n/n
*passwd:*all*authentication*tokens*updated*
	passwd program=/usr/bin/passwd %u
	load printers = yes
	smb passwd file = /etc/samba/smbpasswd
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	wins server = 10.10.0.3
	encrypt passwords = yes
	dns proxy = No
	netbios name = Eagle1
	server string = Samba Server
	writable = no
	#browseable = no
	local master = No
	remote announce = 10.10.255.255
	workgroup = ELLSWORTH
	os level = 33
	security = domain
	######################Winbind
obey pam restrictions = yes
security = domain
#winbind Separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
	winbind enum users = yes
	winbind enum groups = yes
	winbind use default domain = yes
	template homedir = /home/%U
	template shell = /bin/bash
	smbpasswd file =/etc/samba/smbpasswd
	name resolve order = hosts wins lmhosts  bcast
	password server = *
	unix password sync = yes
	create mode=700
	directory mode=700	

John Terpstra has good chapter on it in Officiasl Samba-3 handbook..these
files are from samba 2.2.8.

Hope this gives you a start..probablyi forgot something..i uisually do 8~)





---------------------------------------------
This message was sent from Downeast.Net.
http://ellsworthme.com/

More information about the K12OSN mailing list