Re: Samba - how to put into domain and authenticate (once again)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



to, 2003-12-11 kello 09:36, Grosswiler Roger kirjoitti:
> do i guess right, that i have to put the entry in the following:
> 
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_winbind.so
> auth        required      /lib/security/$ISA/pam_deny.so
> 
> so it should work??
> 
It should but it would ask your password two times. Switch the order of
pam_winbind and pam_unix lines and then add use_first_pass to the
pam_unix.so-line.

In my experience it would still not work, probably. GDM will still not
let you in, at least not the way it used to work wit older versions.

What I get after that is:
Dec 11 09:38:56 humbata pam_winbind[18729]: user 'ntdomain1+mauris'
granted acces
Dec 11 09:38:56 humbata gdm-binary[18729]: Ei voitu asettaa
tunnustietojen hallintaa ntdomain1+mauris:lle

Where the latter roughly translates to: Unable to set authentication
management to ntdomain1+mauris. 

As I write this, I notice that ntdomain1+mauris is written all
lowercase. Perhaps I should try NTDOMAIN1+Mauris which probably is the
correct syntax... 

> 
> > On Wed, Dec 10, 2003 at 08:37:13AM +0100, Grosswiler Roger wrote:
> >> i sucessfully did my net rpc join from my linux-clients, so they are in
> >> the samba-domain.
> >>
> >> But: how do i login into my domain if i am on the login into linux? i
> >> thought must be the form DOMAIN\user nevertheless what you defined in
> >> winbind. But, i always get the message "Username or Password wrong".
> >>
> >> 1) What am i doing false here?
> >>
> >> If i login as a regular user, i can go into the
> >> nautilus-network-browswer,
> >> where i can see my domain and (after a login) the machines inside. But i
> >> have no mountpoints there.
> >
> > The 'login' program (or gdm, or kdm, or xdm, or whatever) probably
> > doesn't know who the user is.  Check that 'winbind' is listed in
> > /etc/nsswitch.conf on the lines for 'passwd', 'group'.
> >
> > You can run 'wbinfo -u' to check that winbind can read information about
> > your users from your domain controller, and run 'getent passwd' to check
> > if libc (and applications which use it, which is all of them, including
> > the application which is trying to authenticate you) can read
> > information about those users from the sources listed in
> > /etc/nsswitch.conf (which should include 'winbind').
> >
> > That done, you'll want to configure login and other applications to
> > authenticate users using winbind by adding a line
> >   auth sufficient pam_winbind.so
> > to /etc/pam.d/system-auth, just under the line which reads
> >   auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> >
> > To finish up, you'll need to make sure that the user has a home
> > directory for gdm, kdm, and the like, but logging in at the console
> > should work at this point, even if the user doesn't have a home
> > directory.
> >
> > HTH,
> >
> > Nalin
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >
> 
> 
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
-- 
Mauri "mos" Sahlberg	Pretax Systems Oy	+358 207 44 2228
Technology Evangelist	Pääskylänrinne 8	+358 207 44 2201
Bsc Computer Science	FIN-00500 Helsinki	www.pretax.net
Development Manager	Finland




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux