[Lias] Help with Winbind!?
David Lloyd
lloy0076 at adam.com.au
Sat Sep 6 09:37:01 UTC 2003
Max,
> Perhaps my main questions are the following..
> 1) Does samba have to be configured with the
> --with-winbind-auth-challenge and/or --with-pam ?
I believe it should be built with both. I also believe, though, that if
the "--with-winbind-auth-challenge" is missing the plaintext
authentication will still work.
> (reason being, from a base RH9 with samba installed from the setup
> process I was able to wbinfo -u dom+uname%pass and received plaintext
> authentication succeeded though no other information appeared)
Your winbind debug level could be set a little low.
> 2) What PAM files need to be modified in order to allow shell and
> X logons to the machine?
I have forgotten how RedHat 8.0 does this.
Look at:
/etc/pam.d/login
...that may have a pam_stack.o module listed. In which case, you'll need
to follow the "stack". If I recall it may be:
/etc/pam.d/system-auth
(or some such similar name).
Look at:
/etc/pam.d/kdm
/etc/pam.d/gdm
/etc/pam.d/xdm
...for the display managers. Obviously you'd configure the one that you
use.
> 3) Is there any way to automatically map to the user's network home
> directory (as defined by the domain users and groups settings)?
Not yet, however I happen to be doing some development work on
libpam-smb (not really related) but I should be able to port this work
easily over to winbind.
> Everyone here thinks I'm mad in trying to do this, suggesting I avoid
> winbind, however I don't want to have to populate 1300+ student user
> accounts on the linux boxes every six months.
You may not need to ;-P I am working on a way that:
a) avoids winbind
- it's a total pain
b) uses libpam-smb (pam_smb_auth.so)
...but give me a little time to get it stable and for production use.
> Any help would be greatly appreciated as I'm more or less at my wits'
> end with this.
Actually, had you considered using:
/lib/security/pam_mkhomedir.so
??
In a domain setting, all you need to do is:
1) Create /home/DOMAINNAME
(obviously substitute the DOMAINNAME)
Then when pam_mkhomedir.so is called, it will just make the home
directories for you.
It's a session module so the correct lines in a PAM config are:
session required /lib/security/pam_mkhomedir.so umask=022
...set the umask to whatever you want.
DSL
--
There are no other guests, just you and me...
I'm in love with, surely you know that?
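
Added example, not part of the original message: a shell check that follows the pam_stack "stack" described in the reply and reports whether a service ends up with a session line for pam_mkhomedir.so. It assumes the Red Hat `service=` argument form for pam_stack.so; the function names and the PAM_DIR override are hypothetical.

```shell
#!/bin/sh
# Added example: does a PAM service end up with a pam_mkhomedir session line,
# once pam_stack "service=" references are followed?
# PAM_DIR, stack_targets, has_mkhomedir and report_services are names
# chosen for this example.

PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# Print the services that the given service's session lines hand off to
# through pam_stack (for example "system-auth").
stack_targets() {
    awk '$1 == "session" && /pam_stack\.so/ {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^service=/) { sub(/^service=/, "", $i); print $i }
         }' "$PAM_DIR/$1"
}

# Return 0 if service $1, or anything it stacks, has a session line for
# pam_mkhomedir.so. $2 lists services already visited, so a stack that
# refers back to itself cannot loop forever.
has_mkhomedir() {
    [ -f "$PAM_DIR/$1" ] || return 1
    case " $2 " in *" $1 "*) return 1 ;; esac
    if awk '$1 == "session" && /pam_mkhomedir\.so/ { found = 1 }
            END { exit !found }' "$PAM_DIR/$1"; then
        return 0
    fi
    for t in $(stack_targets "$1"); do
        has_mkhomedir "$t" "$2 $1" && return 0
    done
    return 1
}

# Report on the login and display-manager services named in the message.
report_services() {
    for s in login kdm gdm xdm; do
        [ -f "$PAM_DIR/$s" ] || continue
        if has_mkhomedir "$s" ""; then
            echo "$s: session pam_mkhomedir.so found"
        else
            echo "$s: no session pam_mkhomedir.so; home directories will not be created"
        fi
    done
}

report_services
```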