Mike Leone on 28 Mar 2010 09:11:40 -0700



Re: [PLUG] Ongoing saga with Samba and AD


Ben Love had this to say:

> Adding try_first_pass or use_first_pass will probably fix your multiple
> password problem.  We don't have that though, so I'm not sure why that's
> different for you.

I'll give that a shot.

> As for the order, you probably want pam_unix first, because local
> password lookups are probably faster than network lookups.  Just make
> sure whichever one is first has the success=2.  The <integer> means skip
> the next <integer> modules.  Namely, on success you want to skip the
> pam_deny module.

AH. A bit of fog lifts ...

>>> What is the output of `getent passwd $user` ?  I wonder if your shell is
>>> not set to an sh variant.
>> # getent passwd DACRIB+ldap-proxy
>> DACRIB+ldap-proxy:*:10006:10012:LDAP Proxy:/home/DACRIB:/bin/false
>>
>> I suppose it's that "/bin/false" that's doing it? How can I change that, 
>> only for my AD domain users? My local Linux users show "/bin/bash".
> 
> So, your logins are successful.  The shell just exits immediately and
> the user logs out!  It looks like you need "template shell = /bin/bash"
> in your smb.conf file.  (At least that's what Google tells me.)

And it just told me the same. And that works! I was able to log in. 
WooHoo! :-)

DACRIB+ldap-proxy@workhorse:~$ pwd
/home/DACRIB/ldap-proxy
DACRIB+ldap-proxy@workhorse:~$

So huge progress! I will try tweaking the "common-auth" as suggested.

Later, I will try other things like login scripts and such. Maybe I will 
try to change the smb.conf to not require the domain name; that would 
be much cleaner. I just left it that way, to make sure the local users 
and domain users stood out visually from each other. I'm sure there are 
other things to play with. Good practice and knowledge (maybe) for use 
at work. I learned postfix at home the same way, and used it at work for 
like 4 years.

Thanks everyone for the help.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
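
The `success=N` skip counts discussed in the thread, as an added example that is not part of the original message: a simplified Python model of how an auth stack is walked, used to check that a correct password reaches the end of the stack and a wrong one stops at pam_deny. The stack layout, the pam_winbind and pam_permit lines, and all function names are assumptions made for illustration.

```python
# Added example: a simplified model of how Linux-PAM walks an auth stack.
# Module results are supplied by the caller; no real PAM modules are invoked.
import re

GOOD = """\
auth [success=2 default=ignore] pam_unix.so
auth [success=1 default=ignore] pam_winbind.so try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""
# Constructed mistake: the first module gets success=1, so it lands on pam_deny.
BAD = GOOD.replace("success=2", "success=1")

def parse(text):
    """Return [(control, module)]; control is a keyword or a jump count."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\w+)\s+(\S+)", line.strip())
        if not m:
            continue                        # blank line or comment
        control, module = m.groups()
        jump = re.search(r"success=(\d+)", control)
        stack.append((int(jump.group(1)) if jump else control, module))
    return stack

def login_allowed(text, passing):
    """passing: set of module names that accept the typed password."""
    stack, i, ok = parse(text), 0, False
    while i < len(stack):
        control, module = stack[i]
        success = module == "pam_permit.so" or (
            module != "pam_deny.so" and module in passing)
        i += 1
        if isinstance(control, int):        # [success=N default=ignore]
            if success:
                ok, i = True, i + control   # skip the next N modules
        elif success:                       # required / requisite succeeded
            ok = True
        else:                               # required / requisite failed
            return False  # simplification: real 'required' finishes the stack
    return ok

def audit(text):
    """Return the cases in which the stack gives the wrong answer."""
    cases = {"local": {"pam_unix.so"}, "domain": {"pam_winbind.so"},
             "wrong password": set()}
    return [name for name, passing in cases.items()
            if login_allowed(text, passing) != bool(passing)]
```

`audit(GOOD)` reports no problems, while `audit(BAD)` flags the local-user case: a correct local password jumps onto pam_deny and is rejected.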