Home / server / Questions / 785341
In Process
JCCyC
Asked: 2016-06-22 07:05:16 +0800 CST

Easier method of setting up Winbind auth in LMDE?

  • 772

Some GNU/Linux distros (CentOS comes to mind) have a neat Authentication Config tool, in which you may specify which auth methods (files, NIS, Winbind etc) to use. You specify the needed parameters (e.g. realm, server address) and it does everything for you under the hood. Linux Mint Debian Edition doesn't seem to have one.

I'm trying to have LMDE Betsy clients login against a Samba classic PDC (not AD) which is already working just fine for Windows clients. It seems I'd have to do a fair amount of pitfall-ridden config editing. Worse, the Samba Wiki has instructions only for joining an AD, not a PDC.

Is there an easier, already-scripted way to do this in this distro? Did I fail to find some tool that's right in front of my nose?

[EDIT] Progress: I got to the point where wbinfo -u lists domain users but getent passwd doesn't, and I can't login with domain users. The only changes I made to non-Samba files were to include winbind in nsswitch.conf:

passwd:         compat winbind
group:          compat winbind

Here's my smb.conf:

[global]
   netbios name = MAQUINA128
   workgroup = PCOMLAB
   realm = PCOMLAB.INTRANET
   security = domain
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = member server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
debian active-directory authentication samba4 winbind

1 Answers

  1. What packages have you installed ?

    On some distros (like ubuntu 16.04) installing winbind is not sufficient 'cause it installs only the daemon and tools.

    On ubuntu 16.04, even if you put 'winbind' in nsswitch.conf

    # getent passwd

    return only local users until you install the package libnss-winbind.

    # apt install libnss-winbind

    and the package libpam-winbind for authentication part.

    Hope this will help you,

    Regards,

    Bruno

    • 0