Re: Samba - how to put into domain and authenticate (once again)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi nalin,

unfortunately not @home, but trying things out asap. Have once again
inserted the line in pam.d/system-auth. was wondering, as de manual for
winbind says to make one more entry for 'accout' but i left this out to
make sure not making inaccessible my server ;-)

I did this all now on my server. i'll try to login directly on my server.
if this works, i will also implement it on the client. What still confuses
me, is that usually i thought winbind should just run on the server having
smb up and running, not on the clients.

btw. i run FC1 and Samba 3.0

Cheers and many thanks,
Roger
> On Wed, Dec 10, 2003 at 10:33:34PM +0100, Roger Grosswiler wrote:
>> i tried now again, but just entered now in the system-auth the
>> following:
>> auth        sufficient    /lib/security/$ISA/pam_smb_auth.so
>> use_first_pass nolocal
>
> The pam_smb_auth module is entirely different from winbind -- its
> configuration file is /etc/pam_smb.conf.  Its readme file states that
> you should place the domain name on the first line of the file, the name
> of the PDC on the second line, and the names of another PDC on the third
> line.
>
> The pam_smb_auth module can only perform authentication.  It can not
> provide needed information about users (UIDs, GIDs, etc.) to programs --
> you'll need something which does this.
>
> Winbind happens to provide modules which can communicate with winbind to
> accomplish both of these.  The upside of pam_smb_auth is that you can
> point it at just about any SMB server (probably even a Windows for
> Workgroups server), and it'll work, but winbind needs something at least
> as capable as a PDC.  Different tools with different capabilities for
> different-but-similar problems.
>
> Because pam_smb_auth can't provide user information, you need to set up
> *something* which will.  If not winbind, then NIS, or LDAP, or hesiod.
> Each of these requires its own server to be set up, because they use
> different protocols which your PDC likely isn't set up to serve.
>
> HTH,
>
> Nalin
>
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux