I really would like to be able to use samba with ADS/kerberos/PAM domain =

ADS/kerberos/PAM domain authentication works with SSH now, it works if I =
login on the console with a domain account, but it wont work if I try to =
vavigate to the Samba shares by UNC path.

Please, someone take a look at the info below and let me know what I am =
doing wrong or of you need more info.

-----Original Message-----
From: samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g
[mailto:samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g]On
Behalf Of Guillermo Gutierrez
Sent: Thursday, March 09, 2006 12:59 PM
To: samba@lists.samba.org
Subject: [Samba] system-auth-winbind

I found this file in the /etc/samba directory:
It looks like it has been setup to be used by samba for pam. Does anyone =
know if that is what it is for?

I tried to copy the contents into the /etc/pam.d/samba file but I still =
could not get access to the Home directory navigating to it =
This is the only thing that I cannot get working.=20

SSH works with pam now, logging in to the console with domain profiles =
with pam works now.
Navigating to the samba shares only works with the public folder, not =
the home directory.

Here is my /etc/pam.d/samba contents:

# $Header: =
/var/cvsroot/gentoo/src/patchsets/samba/configs/system-auth-winbind,v =
1.1 2005/08/09 12:56:26 seemant Exp $

auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok =
auth required /lib/security/pam_deny.so

account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so

password required /lib/security/pam_cracklib.so retry=3D3
password sufficient /lib/security/pam_unix.so nullok use_authtok =
md5 shadow
password required /lib/security/pam_deny.so

session required /lib/security/pam_mkhomedir.so =
skel=3D/etc/skel/ umask=3D0077
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

and here is my smb.conf:

# Samba config file created using SWAT
# from (
# Date: 2006/03/08 06:09:01

workgroup =3D MARKETSCAN
server string =3D %h, Samba Server %v
interfaces =3D lo, eth0
bind interfaces only =3D Yes
security =3D ADS
password server =3D nostradamus, nostradamus_ii
log level =3D 5
log file =3D /var/log/samba/log.%m
max log size =3D 50
socket options =3D TCP_NODELAY SO_RCVBUF=3D32768 =
load printers =3D No
disable spoolss =3D Yes
os level =3D 2
domain master =3D No
preferred master =3D No
local master =3D No
dns proxy =3D No
wins proxy =3D No
wins server =3D
ldap ssl =3D No
idmap uid =3D 10000-20000
idmap gid =3D 10000-20000
template shell =3D /bin/bash
template home dir =3D /home/%D/%U
winbind use default domain =3D Yes

comment =3D %h Public Share Directory
path =3D /home/samba/public
valid users =3D "@MARKETSCAN\Domain Users"
write list =3D "@MARKETSCAN\Domain Users"
read only =3D No
map readonly =3D no

comment =3D Home directory for %U
#path =3D /home/%D/%U
valid users =3D %S
write list =3D %S
read only =3D No
hide dot files =3D No
map readonly =3D no
browseable =3D No

Please let me know what I have misconfigured or not configured.


Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427

To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba