thonix
23.07.02, 15:32
Hallo Leute,
Ich hab da mal ein Problem.
Ich habe Winbindd wie folgt installiert:
First install the pam-devel packet !!!!
./configure --prefix=/usr/local/samba --bindir=/usr/local/bin --sbindir=/usr/local/sbin --mandir=/usr/local/man --with-piddir=/var/run --with-configdir=/etc --without-winbindd --with-logfilebase=/var/log/ --with-pam --with-pam_smbpass
make
make install
now you edit the /etc/nsswitch from sonething like this:
passwd: compat
group: compat
or
passwd: nisplus
group: nisplus
- somtime the parameter shadow is used too - change it with the others -
to:
passwd: winbind compat
group: winbind compat
and maybe with something like this:
shadow winbind compat
Now we will also add some lines in the /etc/pam.d/* ( this file is calling *) keep it in clean and sort the locations
at beginning the file looks somethiong like this:
#%PAM-1.0
auth required /lib/security/pam_unix.so nullok
account required /lib/security/pam_unix.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so
now add the follow lines:
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
after edit it looks:
#%PAM-1.0
auth required /lib/security/pam_unix.so nullok
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so
now search the pam_winbind.so and copy to /lib/security
an example:
find / -name "pam_winbind.so"
cp /usr/src/samba-2.2.5/source/nsswitch/pam_winbind.so /lib/security
OK now join the domain
make an entry for the domain pdc in your /etc/hosts
an example:
10.1.1.1 YOURPDC
now use the command ( if you get the error command not found search the command ( find / -name "smbpasswd" )
if you have an older Version ( I dont know exactly what version) < 2.2.5 you must add an machine account in the doamin.
after this use this command
smbpasswd -j YOURDOMAIN -r YOURPDC
If you have 2.2.5 or higer you must only use this command:
smbpasswd -j YOURDOMAIN -r YOURPDC -U administrator
( you can use instead the administrator account and user with rights to create a computer account)
After one of this commands You should see Joined YOURDOMAIN
Now we must add some lins to the smb.conf
winbind separator = + (you can use "/" if you want but it can cause
problems)
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
netbios name = whatevenameyouwant
encrypt passwords = yes
preferred master = no (Important!!! can cause a lot of trouble if set
incorrectly
template shell = /bin/false (if users will be using telnet you must set /bin/bash)
workgroup = yourdomain
security = domain
password server = *
!!!! remove the () tags - and check the parameters - maybe you have double entries !!!!
Now start the smb and nmd deamon, you need then to start the winbindd ( and yes it has 2 d)
/usr/local/sbin/smbd
/usr/local/sbin/nmbd
/usr/local/sbin/winbindd
now you can use the command wbinfo -u so display all users in your domain or use the command wbinfo -g
to display the groups.
OK - mit wbinfo -u bekomme ich die use meiner Domäne angezeigt - jedoch geht hab ich keine gruppen auf meiner maschine.
-> wenn ich getent passwd mache sehe ich ledeglich meine Normale passwd.
Was habe ich vergessen ????
Ich hab da mal ein Problem.
Ich habe Winbindd wie folgt installiert:
First install the pam-devel packet !!!!
./configure --prefix=/usr/local/samba --bindir=/usr/local/bin --sbindir=/usr/local/sbin --mandir=/usr/local/man --with-piddir=/var/run --with-configdir=/etc --without-winbindd --with-logfilebase=/var/log/ --with-pam --with-pam_smbpass
make
make install
now you edit the /etc/nsswitch from sonething like this:
passwd: compat
group: compat
or
passwd: nisplus
group: nisplus
- somtime the parameter shadow is used too - change it with the others -
to:
passwd: winbind compat
group: winbind compat
and maybe with something like this:
shadow winbind compat
Now we will also add some lines in the /etc/pam.d/* ( this file is calling *) keep it in clean and sort the locations
at beginning the file looks somethiong like this:
#%PAM-1.0
auth required /lib/security/pam_unix.so nullok
account required /lib/security/pam_unix.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so
now add the follow lines:
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
after edit it looks:
#%PAM-1.0
auth required /lib/security/pam_unix.so nullok
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so
now search the pam_winbind.so and copy to /lib/security
an example:
find / -name "pam_winbind.so"
cp /usr/src/samba-2.2.5/source/nsswitch/pam_winbind.so /lib/security
OK now join the domain
make an entry for the domain pdc in your /etc/hosts
an example:
10.1.1.1 YOURPDC
now use the command ( if you get the error command not found search the command ( find / -name "smbpasswd" )
if you have an older Version ( I dont know exactly what version) < 2.2.5 you must add an machine account in the doamin.
after this use this command
smbpasswd -j YOURDOMAIN -r YOURPDC
If you have 2.2.5 or higer you must only use this command:
smbpasswd -j YOURDOMAIN -r YOURPDC -U administrator
( you can use instead the administrator account and user with rights to create a computer account)
After one of this commands You should see Joined YOURDOMAIN
Now we must add some lins to the smb.conf
winbind separator = + (you can use "/" if you want but it can cause
problems)
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
netbios name = whatevenameyouwant
encrypt passwords = yes
preferred master = no (Important!!! can cause a lot of trouble if set
incorrectly
template shell = /bin/false (if users will be using telnet you must set /bin/bash)
workgroup = yourdomain
security = domain
password server = *
!!!! remove the () tags - and check the parameters - maybe you have double entries !!!!
Now start the smb and nmd deamon, you need then to start the winbindd ( and yes it has 2 d)
/usr/local/sbin/smbd
/usr/local/sbin/nmbd
/usr/local/sbin/winbindd
now you can use the command wbinfo -u so display all users in your domain or use the command wbinfo -g
to display the groups.
OK - mit wbinfo -u bekomme ich die use meiner Domäne angezeigt - jedoch geht hab ich keine gruppen auf meiner maschine.
-> wenn ich getent passwd mache sehe ich ledeglich meine Normale passwd.
Was habe ich vergessen ????