WOOO HOOOO!!!!
sorry, got a little excited.
I finally realized what I needed to do inorder to get Samba to allow me =
access to the home folder share.

Under [homes], I changed "valid users =3D %S" to "valid users =3D =
%D\%S". And it finally let me right in, I had to do the same for "write =
list =3D %S".

PLUS, I also left /etc/pam.d/samba with the contents of =
/etc/samba/system-auth-winbind.

Also I found out on my setup that if you belong to more than one group, =
"Domain Users" might not be of use. I had to specify a particular =
group(s) for the permissions to work.

-----Original Message-----
From: samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g
[mailto:samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g]On
Behalf Of Guillermo Gutierrez
Sent: Friday, March 10, 2006 11:49 AM
To: samba@lists.samba.org
Subject: RE: [Samba] system-auth-winbind


I really would like to be able to use samba with ADS/kerberos/PAM domain =
authentication.

ADS/kerberos/PAM domain authentication works with SSH now, it works if I =
login on the console with a domain account, but it wont work if I try to =
vavigate to the Samba shares by UNC path.

Please, someone take a look at the info below and let me know what I am =
doing wrong or of you need more info.

-----Original Message-----
From: samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g
[mailto:samba-bounces+ggutierrez=3Dmarketscan.com@lists.samba.or g]On
Behalf Of Guillermo Gutierrez
Sent: Thursday, March 09, 2006 12:59 PM
To: samba@lists.samba.org
Subject: [Samba] system-auth-winbind


I found this file in the /etc/samba directory:
system-auth-winbind
It looks like it has been setup to be used by samba for pam. Does anyone =
know if that is what it is for?

I tried to copy the contents into the /etc/pam.d/samba file but I still =
could not get access to the Home directory navigating to it =
\\Solidus\.
This is the only thing that I cannot get working.=20

SSH works with pam now, logging in to the console with domain profiles =
with pam works now.
Navigating to the samba shares only works with the public folder, not =
the home directory.

Here is my /etc/pam.d/samba contents:

#%PAM-1.0
# $Header: =
/var/cvsroot/gentoo/src/patchsets/samba/configs/system-auth-winbind,v =
1.1 2005/08/09 12:56:26 seemant Exp $

auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok =
use_first_pass
auth required /lib/security/pam_deny.so

account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so

password required /lib/security/pam_cracklib.so retry=3D3
password sufficient /lib/security/pam_unix.so nullok use_authtok =
md5 shadow
password required /lib/security/pam_deny.so

session required /lib/security/pam_mkhomedir.so =
skel=3D/etc/skel/ umask=3D0077
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

and here is my smb.conf:

# Samba config file created using SWAT
# from 10.11.7.56 (10.11.7.56)
# Date: 2006/03/08 06:09:01

[global]
workgroup =3D MARKETSCAN
realm =3D MARKETSCAN.COM
server string =3D %h, Samba Server %v
interfaces =3D lo, eth0
bind interfaces only =3D Yes
security =3D ADS
password server =3D nostradamus, nostradamus_ii
log level =3D 5
log file =3D /var/log/samba/log.%m
max log size =3D 50
socket options =3D TCP_NODELAY SO_RCVBUF=3D32768 =
SO_SNDBUF=3D32768
load printers =3D No
disable spoolss =3D Yes
os level =3D 2
domain master =3D No
preferred master =3D No
local master =3D No
dns proxy =3D No
wins proxy =3D No
wins server =3D 10.11.3.198
ldap ssl =3D No
idmap uid =3D 10000-20000
idmap gid =3D 10000-20000
template shell =3D /bin/bash
template home dir =3D /home/%D/%U
winbind use default domain =3D Yes

[public]
comment =3D %h Public Share Directory
path =3D /home/samba/public
valid users =3D "@MARKETSCAN\Domain Users"
write list =3D "@MARKETSCAN\Domain Users"
read only =3D No
map readonly =3D no

[homes]
comment =3D Home directory for %U
#path =3D /home/%D/%U
valid users =3D %S
write list =3D %S
read only =3D No
hide dot files =3D No
map readonly =3D no
browseable =3D No

Please let me know what I have misconfigured or not configured.

thanks,

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez@marketscan.com

--=20
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--=20
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba