Administrace komentářů

O co se snažím : aby se dalo přihlásit na ssh přes pam přes winbind.

Kdyz zkusím : ntlm_auth --username=kuceraj

tak uspech, takze nejak winbind asi funguje

kdyz se snazim prihlasit pres ssh tak to nefunguje

winbindd log: Plain-text authentication for user gvp+kuceraj returned NT_STATUS_WRONG_PASSWORD (PAM: 7)

kdyz zkusim se prihlasit jen jako USERNAME bez zacatku domeny tak to nezna uzivatele podle winbindd logu, ale pritom ntlm_auth funguje jen v syntaxy bez domeny na zacatku, ja tomu fakt nerozumim.

v smb.conf je globalni sekce :

[global]

log file = /var/log/samba/log.%m

passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n

socket options = TCP_NODELAY

obey pam restrictions = yes

encrypt passwords = yes

passwd program = /usr/bin/passwd %u

passdb backend = tdbsam guest

dns proxy = no

netbios name = pepicek

netbios aliases = pepicek

server string = pepicek server

invalid users = root

workgroup = gvp

os level = 20

syslog = 0

panic action = /usr/share/samba/panic-action %d

max log size = 1000

client signing = yes

winbind separator = +

idmap uid = 10000-20000

idmap gid= 10000-20000

# use gids from 10000 to 20000 for domain groups

winbind gid = 10000-20000

# allow enumeration of winbind users and groups

winbind enum users = yes

winbind enum groups = yes

template homedir = /home/winnt/%D/%U

template shell = /bin/bash

interfaces = 192.168.1.3 127.0.0.1

security = gvp password server = gvps wins server = 192.168.1.2

ssh pam :

auth required /lib/security/pam_nologin.so

auth sufficient /lib/security/pam_winbind.so

account sufficient /lib/security/pam_winbind.so

auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok

#auth sufficient /lib/security/pam_unix.so use_first_pass nullok