[OpenIndiana-discuss] Odd Samba/winbind issue

James Relph james at themacplace.co.uk
Fri Jun 21 13:50:46 UTC 2013


> Well, the lines you had shown appeared to show they were talking, just the answer was negative for some reason.

Interesting, odd that the PAM side is working though. It's been very annoying, I'll say that.

> Do you remember where?

Here:  https://www.opencsw.org/mantis/view.php?id=5020

> Have you tried the pam module from CSWwinbind or only the Solaris one?

I'm using the cswwinbind module, so for instance for netatalk I've got:

netatalk auth requisite         pam_authtok_get.so.1
netatalk auth required          pam_dhkeys.so.1
netatalk auth required          pam_unix_cred.so.1
netatalk auth sufficient        /opt/csw/lib/security/pam_winbind.so use_first_pass
netatalk account requisite      pam_roles.so.1
netatalk account sufficient     /opt/csw/lib/security/pam_winbind.so

> It should be possible to configure them in /etc/pam.conf (I've not tried it yet myself).
> 
> And like Jonathan, I'd like to see the configuration.

Thanks again, output of testparm is below (sanitised a little):

Load smb config files from /etc/opt/csw/samba/smb.conf
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[FileShare]"
Processing section "[STUDIO]"
Loaded services file OK.
WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
(by default Samba will discover the correct DC to contact automatically).
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = DOMAIN
        realm = BURBERRY.CORP
        server string = server01
        security = ADS
        password server = ukhfhwdct01.burberry.corp
        map untrusted to domain = Yes
        log file = /var/samba/samba.log
        load printers = No
        dns proxy = No
        template homedir = /export/home/%U
        template shell = /usr/bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 5
        idmap config * : range = 16777216-33554431
        idmap config * : backend = tdb

[FileShare]
        comment = FileShare
        path = /shared/server01/FileShare
        read only = No

[STUDIO]
        comment = STUDIO
        path = /shared/server01/STUDIO
        read only = No




