Am Mit, den 10.12.2003 schrieb Nalin Dahyabhai um 22:05: > On Wed, Dec 10, 2003 at 09:45:05PM +0100, Roger Grosswiler wrote: > > Am Mit, den 10.12.2003 schrieb Nalin Dahyabhai um 21:20: > > > The 'login' program (or gdm, or kdm, or xdm, or whatever) probably > > > doesn't know who the user is. Check that 'winbind' is listed in > > > /etc/nsswitch.conf on the lines for 'passwd', 'group'. > > if this has to be done on the side of my PDC its done...but i think its > > not possible on the client-side, as this uses the smb.conf of a working > > samba-server. > > It needs to be done on the host which is running winbind (aargh, I > should have mentioned that you need to make sure that winbindd, in the > samba-common package, is installed and running). Every client system in > the domain needs to do this in order to be able to retrieve information > about users from your PDC. > > If the client machines need to run a Samba server with a different > configuration, you should be able to set WINBIND_OPTIONS in > /etc/sysconfig/samba to have the winbind init script pass a "-s" option > to winbind (more on winbind's command-line options in the winbindd(8) > man page). > > > > You can run 'wbinfo -u' to check that winbind can read information about > > > your users from your domain controller, and run 'getent passwd' to check > > > if libc (and applications which use it, which is all of them, including > > > the application which is trying to authenticate you) can read > > > information about those users from the sources listed in > > > /etc/nsswitch.conf (which should include 'winbind'). > > i copied my entries from the pdc-smb.conf into my clients-smb.conf and > > started winbind on the client side. wbinfo -u -g -t do not have success. > > Error-Message: error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND > > (0xc0000233) > > but it was no problem getting the machine into the domain > > I'm not sure what pdc-smb.conf and clients-smb.conf are; so far as I > know, you have /etc/samba/smb.conf, and both smbd and winbind read it > for their configuration information. > > In the [globals] section of that file, you at least want to set > workgroup = (your workgroupname) > security = domain (or security = ads) > password server = (your PDC's name) > realm = (your realm name, only needed if "security" is set to "ads") > idmap uid = 16777216-33554431 (or other large numbers, just use some range > your Unix users don't have UIDs in) > idmap gid = 16777216-33554431 > > (If you're using "security = ads", you also need to configure > /etc/krb5.conf with your realm settings, but I don't think you are, so > I'll not go into that.) > > Then run the 'net ads join' or 'net rpc join' command, restart winbind > just to be sure (it might not be necessary, I haven't dug in enough to > know if it's actually necessary), and try 'wbinfo -u' again. > > You need to get winbind running and talking to your PDC, and 'wbinfo -u' > reading a list of users, before you can start with nsswitch.conf and the > PAM configuration, because both of these require a functioning winbindd > to work at all. > > HTH, > > Nalin > i tried now again, but just entered now in the system-auth the following: auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal as the winbind-line did not change anything at all (except i had to type the password twice...) but still no change... i changed the smb.conf on the data i have on the pdc-entered, so it should be equal...the change in nsswitch.conf is done and the winbind-daemon is running, but still - wbinfo -u -g -t = false... > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
