Samba - how to put into domain and authenticate (once again)
roger at gwch.net
Thu Dec 11 08:39:03 UTC 2003
i did not switch the order, but i read of use_first_pass which i also
inserted - i had two times to fill in my password. As authentication works
within the networkbrowser i have to use: DOMAIN\user (not the plus, and
domain all in Uppercase) everything else did not work...at least for me!
btw. its clear that the nautilus-network-browser works, he authenticates
via smbclient or so...that why you can't mount those directories there.
> to, 2003-12-11 kello 09:36, Grosswiler Roger kirjoitti:
>> do i guess right, that i have to put the entry in the following:
>> auth required /lib/security/$ISA/pam_env.so
>> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
>> auth sufficient /lib/security/$ISA/pam_winbind.so
>> auth required /lib/security/$ISA/pam_deny.so
>> so it should work??
> It should but it would ask your password two times. Switch the order of
> pam_winbind and pam_unix lines and then add use_first_pass to the
> In my experience it would still not work, probably. GDM will still not
> let you in, at least not the way it used to work wit older versions.
> What I get after that is:
> Dec 11 09:38:56 humbata pam_winbind: user 'ntdomain1+mauris'
> granted acces
> Dec 11 09:38:56 humbata gdm-binary: Ei voitu asettaa
> tunnustietojen hallintaa ntdomain1+mauris:lle
> Where the latter roughly translates to: Unable to set authentication
> management to ntdomain1+mauris.
> As I write this, I notice that ntdomain1+mauris is written all
> lowercase. Perhaps I should try NTDOMAIN1+Mauris which probably is the
> correct syntax...
>> > On Wed, Dec 10, 2003 at 08:37:13AM +0100, Grosswiler Roger wrote:
>> >> i sucessfully did my net rpc join from my linux-clients, so they are
>> >> the samba-domain.
>> >> But: how do i login into my domain if i am on the login into linux? i
>> >> thought must be the form DOMAIN\user nevertheless what you defined in
>> >> winbind. But, i always get the message "Username or Password wrong".
>> >> 1) What am i doing false here?
>> >> If i login as a regular user, i can go into the
>> >> nautilus-network-browswer,
>> >> where i can see my domain and (after a login) the machines inside.
>> But i
>> >> have no mountpoints there.
>> > The 'login' program (or gdm, or kdm, or xdm, or whatever) probably
>> > doesn't know who the user is. Check that 'winbind' is listed in
>> > /etc/nsswitch.conf on the lines for 'passwd', 'group'.
>> > You can run 'wbinfo -u' to check that winbind can read information
>> > your users from your domain controller, and run 'getent passwd' to
>> > if libc (and applications which use it, which is all of them,
>> > the application which is trying to authenticate you) can read
>> > information about those users from the sources listed in
>> > /etc/nsswitch.conf (which should include 'winbind').
>> > That done, you'll want to configure login and other applications to
>> > authenticate users using winbind by adding a line
>> > auth sufficient pam_winbind.so
>> > to /etc/pam.d/system-auth, just under the line which reads
>> > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
>> > To finish up, you'll need to make sure that the user has a home
>> > directory for gdm, kdm, and the like, but logging in at the console
>> > should work at this point, even if the user doesn't have a home
>> > directory.
>> > HTH,
>> > Nalin
>> > --
>> > fedora-list mailing list
>> > fedora-list at redhat.com
>> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> Mauri "mos" Sahlberg Pretax Systems Oy +358 207 44 2228
> Technology Evangelist Pääskylänrinne 8 +358 207 44 2201
> Bsc Computer Science FIN-00500 Helsinki www.pretax.net
> Development Manager Finland
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the users