Linux-Noob Forums

Full Version: samba server login using windows domain user
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Sir

 

i am using centos 5. i tried to configure samba server login using windows domain user. may be i was worng in any file .

my windows domain server= data-server.central.edu (192.168.100.100)

samba server=telnet (192.168.100.167)

my krb5.conf

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log

 

[libdefaults]

default_realm = CENTRAL.EDU

default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc

default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

 

[realms]

CENTRAL.EDU = {

kdc = data-server.central.edu

default_domain = central.edu

}

 

[domain_realm]

.central.edu = CENTRAL.EDU

central.edu = CENTRAL.EDU

 

[kdc]

profile = /var/kerberos/krb5kdc/kdc.conf

----------------------------------------------------------------------------------

smb.conf

 

#======================= Global Settings =====================================

[global]

 

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH

workgroup = CENTRAL

 

# server string is the equivalent of the NT Description field

server string = Samba Server

 

# Security mode. Defines in which mode Samba will operate. Possible

# values are share, user, server, domain and ads. Most people will want

# user level security. See the Samba-HOWTO-Collection for details.

security = ADS

 

# This option is important for security. It allows you to restrict

# connections to machines which are on your local network. The

# following example restricts access to two C class networks and

# the "loopback" interface. For more examples of the syntax see

# the smb.conf man page

; hosts allow = 192.168.1. 192.168.2. 127.

 

# If you want to automatically load your printer list rather

# than setting them up individually then you'll need this

; load printers = yes

 

# you may wish to override the location of the printcap file

; printcap name = /etc/printcap

 

# on SystemV system setting printcap name to lpstat should allow

# you to automatically obtain a printer list from the SystemV spool

# system

; printcap name = lpstat

 

# It should not be necessary to specify the print system type unless

# it is non-standard. Currently supported print systems include:

# bsd, cups, sysv, plp, lprng, aix, hpux, qnx

; printing = cups

 

# This option tells cups that the data has already been rasterized

cups options = raw

 

# Uncomment this if you want a guest account, you must add this to /etc/passwd

# otherwise the user "nobody" is used

; guest account = pcguest

 

# this tells Samba to use a separate log file for each machine

# that connects

log file = /var/log/samba/%m.log

 

# Put a capping on the size of the log files (in Kb).

max log size = 50

 

# Use password server option only with security = server

# The argument list may include:

# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]

# or to auto-locate the domain controller/s

# password server = *

password server = data-server.central.edu

 

# Use the realm option only with security = ads

# Specifies the Active Directory realm the host is part of

realm = CENTRAL.EDU

 

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

; passdb backend = tdbsam

 

# Using the following line enables you to customise your configuration

# on a per machine basis. The %m gets replaced with the netbios name

# of the machine that is connecting.

# Note: Consider carefully the location in the configuration file of

# this line. The included file is read at that point.

; include = /usr/local/samba/lib/smb.conf.%m

 

# Configure Samba to use multiple interfaces

# If you have multiple network interfaces then you must list them

# here. See the man page for details.

; interfaces = 192.168.12.2/24 192.168.13.2/24

 

# Browser Control Options:

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

local master = no

 

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

; os level = 33

 

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

; domain master = yes

 

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

preferred master = no

 

# Enable this if you want Samba to be a domain logon server for

# Windows95 workstations.

; domain logons = yes

 

# if you enable domain logons then you may want a per-machine or

# per user logon script

# run a specific logon batch file per workstation (machine)

; logon script = %m.bat

# run a specific logon batch file per username

; logon script = %U.bat

 

# Where to store roving profiles (only for Win95 and WinNT)

# %L substitutes for this servers netbios name, %U is username

# You must uncomment the [Profiles] share below

; logon path = \\%L\Profiles\%U

 

# Windows Internet Name Serving Support Section:

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

; wins support = yes

 

# WINS Server - Tells the NMBD components of Samba to be a WINS Client

# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

; wins server = w.x.y.z

 

# WINS Proxy - Tells Samba to answer name resolution queries on

# behalf of a non WINS capable client, for this to work there must be

# at least one WINS Server on the network. The default is NO.

; wins proxy = no

 

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups. The default is NO.

dns proxy = no

 

# These scripts are used on a domain controller or stand-alone

# machine to add or delete corresponding unix accounts

; add user script = /usr/sbin/useradd %u

; add group script = /usr/sbin/groupadd %g

; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u

; delete user script = /usr/sbin/userdel %u

; delete user from group script = /usr/sbin/deluser %u %g

; delete group script = /usr/sbin/groupdel %g

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind enum users = yes

winbind enum groups = yes

winbind use default domain = yes

template homedir = /home/%U

template shell = /bin/bash

; encrypt passwords = yes

--------------------------------------------------------------------------------------------

nssswitch.conf

passwd: compat winbind

shadow: files

group: compat winbind

-----------------------------------------------------------------------------

login

#%PAM-1.0

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so

auth include system-auth

account required pam_nologin.so

account include system-auth

password include system-auth

account required pam_winbind.so

# pam_selinux.so close should be the first session rule

session required pam_mkhomedir.so skel=/etc/skel umask=002

session required pam_selinux.so close

session include system-auth

session required pam_loginuid.so

session optional pam_console.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open

session optional pam_keyinit.so force revoke

---------------------------------------------------------------------------

system_auth

 

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so

auth sufficient pam_unix.so nullok try_first_pass

auth requisite pam_succeed_if.so uid >= 500 quiet

auth required pam_deny.so

 

account required pam_unix.so

account sufficient pam_succeed_if.so uid < 500 quiet

account required pam_permit.so

 

password requisite pam_cracklib.so try_first_pass retry=3

password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok

password required pam_deny.so

 

session optional pam_keyinit.so revoke

session required pam_limits.so

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so

---------------------------------------------------------------------------

wbinfo -u shows all the domain user as

administrator

not

CENTRALadministrator

 

getent passswd shows all the doamin user.

 

please help me to solve the prob whrere i am worng so i can log samba server using domain user

 

thanks in advance.