也许你公司的服务器大多是windows200x的,而且已经建了WIN200x的域来对公司的所有机器及用户做管理,而且这个域工作得很不错,所有用户的权限设置的也已经十分的合理。这时你想加一台linux或BSD的机器进去,来为公司的用户提供如ftp、samba等服务,因为在linux及BSD下的这些软件比在windows下的工作效率更高,更安全。你也许会碰到的一个问题是,在每台新架的linux及BSD服务器上都得重新加入很多用户,设置这些用户的权限、密码,如果你公司的员工很多的话,这个活还是很累人的。
但既然已经在域中有了所有用户的认证信息,为什么不好好的利用它呢:)。SAMBA3中的winbind服务就为我们提供了这样的一个途径。首先你把这linux台服务器加到win200x域中,成为域中的成员服务器,然后用winbind服务把认证信息发给PDC,由PDC来做用户的认证。只要适当的设置winbind服务、PAM,你就能通过PDC来为你linux或BSD服务器上的ftp、samba、ssh服务来做认证,是不是很不错呢?
下面是我在redhat7.3上用winbind+PAM实现对sshd、samba服务PDC认证的过程:
1、使用的相关软件:
samba-3.0.7 pam-0.75-32 (这些软件的安装过程我就不讲了,参考CU上的相关文件吧:)
2、实现方法:
1) 在samba安装完成后,考贝libnss_winbind.so库到/lib目录下
cp ../samba/source/nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
2) vi /etc/nsswitch.conf 做如下修改,使winbind成为passwd及group的认证信息源
passwd: files winbind
shadow: files
group: files winbind
3)用ldconfig命令来使winbind使用libnss_winbind.so库,这样就不用重启机器了,如果不行,就重启一下机器 。
/sbin/ldconfig -v | grep winbind
4)vi smb.conf ,在[global]设置中修改及加入下面几行
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = domain
# separate domain and username with '/', like DOMAIN+username
winbind separator = /
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator是域名与用户名和组名之间的分隔符,我设成’/’,
idmap uid 和 idmap gid是设置winbind把win200x域用户、组map成本地用户、组所使用的ID号范围,如果你的用户很多,可以加大这两个值之间的差。Template homedir是用户登录后的主目录,我设置成/home/域名/用户名。Template shell是用户登录后的shell,如果你想用PDC给你的sshd做认证,就可以加上这个,给用户一个shell,不错吧。
5)用samba3的net join命令把这台机器加入到windows200x域中
/usr/local/samba/bin/net rpc join -S PDC -U Administrator
然后输入域管理员密码,administrator是域管理员帐号。PDC是你的域名,可以用NETBIOS名。
6)启动winbindd服务
/usr/local/samba/sbin/winbindd
7)用wbinfo 命令查看你用winbindd服务连接PDC抓到的域内的用户和组的信息。
[quote:ff37ce28e0]
[root@LogBack wy]# wbinfo -u
WY/Administrator
WY/Guest
WY/krbtgt
WY/wuying
WY/wy
[/quote:ff37ce28e0]
其中’/’前的是域名,我这是WY,’/’后的是域用户名。
[quote:ff37ce28e0]
[root@LogBack wy]# wbinfo -g
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users
WY/Domain Admins
WY/Domain Users
WY/Domain Guests
WY/Domain Computers
WY/Domain Controllers
WY/Cert Publishers
WY/Schema Admins
WY/Enterprise Admins
WY/Group Policy Creator Owners
WY/DnsUpdateProxy
[/quote:ff37ce28e0]
其中’/’前的是域名,我这是WY,’/’后的是域组名。
用getnet passwd 和getnet group你可以看到本地服务器及域服务器上所有的用户及组的信息。
到这儿,我们的工作已经完成一大半了。Winbindd服务已经可以正常工作了:)
8)到samba-3.0.7的源码目录source下,编译pam_winbind.so认证模块,CP到/lib/security下:
make nsswitch/pam_winbind.so
cp ../samba/source/nsswitch/pam_winbind.so /lib/security
9)下面是设置PAM了,在设置前请先备份你的/etc/pam.d目录。如果是设sshd等关建登入服务的PAM,改错了,可能ssh就登不进去,所以要小心操作。
下面是我改过的/etc/pam.d/sshd的配置文件:
[quote:ff37ce28e0]
[root@LogBack wy]# cat /etc/pam.d/sshd
#%PAM-1.0
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session required /lib/security/pam_mkhomedir.so
session optional /lib/security/pam_console.so
[/quote:ff37ce28e0]
其中两个含有pam_winbind.so的行是这加进去的,用来做winbind的认证。
含有pam_mkhomedir.so的行也是我加进去的,用来在域用户登录时自动给他建立主目录和登录脚本,不然你一登录就会在发现自己在根目录下。注意,主目录的路径是你在smb.conf文件中指定的Template shell变量,我这是/home/WY/用户名。/home/WY目录要手动建,不然是登不进去的。我把这个目录的权限设成 1777,好处是大家都能写,但只有属主可删,就象/tmp目录一样。
再其它机器上用ssh 连看试一下:
[quote:ff37ce28e0]
[wy@wy1 RPMS]$ ssh wy/wuying@172.16.130.35
wy/wuying@172.16.130.35's password:
Last login: Sat Oct 30 19:57:47 2004 from 172.16.130.36
[WY/wuying@LogBack wuying]$ id
uid=10003(WY/wuying) gid=10009(WY/Domain Users) groups=10009(WY/Domain Users)
[WY/wuying@LogBack wuying]$
[/quote:ff37ce28e0]
OK,我们成功了。WY/wuying是“域名/用户名”的行式,这个域用户被map成为本地的uid号为1009的用户。
下面是我的/etc/pam.d/samba的配置文件:
[quote:ff37ce28e0]
[root@LogBack wy]# cat /etc/pam.d/samba
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
[/quote:ff37ce28e0]
然后vi smb.conf文件,在最后加上
[quote:ff37ce28e0]
[ADMshare]
comment = admin dir
path = /home/WY/administrator
valid users = "WY+Domain Admins"
public = no
writable = yes
printable = no
create mask = 0775
directory mask = 0775
[/quote:ff37ce28e0]
这样就只有WY域中的Domain Admins组的成员才可以往ADMshare共享中写东西,是不是好管理多了呢。如果域用户的密码更改,我们也不用去每台linux服务器上改密码了,用winbind去win200xPDC上做认证,他怎么改都行,方便多了吧。
我这里只进了winbind和PAM的配置方法,如果大家对其中的一些概念还不明白的话,可以参考一下SAMBA3源码包samba-3.0.7.tar.gz解开后docs目录中的pdf文档。我讲的部分都在smaba-HOWTO-collection.pdf文档的第6及第20章中,相关的概念讲解得也不错,如果哪位高手有时间的话,把这些文档翻成中文,那真是CU朋友之福了。晚上23:15了,回家喽。
| 零二年的夏天 回复于:2004-10-31 11:27:22 |
| 不错! 楼主自己的笔记? |
| bb8848 回复于:2004-10-31 19:33:20 |
| 及时雨阿 |
| eagerlinuxer 回复于:2004-10-31 20:56:19 |
| 呵呵,当然是自己写的了,不过准确的说是对smaba-HOWTO-collection.pdf文档的部分翻译加上自己的实践。 |
| flighttop 回复于:2004-11-01 05:07:46 |
| Thank you for your wonderful note about winbind. More and more PDC will be set up on samba 3 on Free BSD/Linux in mid-size companies, like universities. Each student has an account on Linux/Unix servers. Studnents need to be authorized to access domains on Windows system. So, enabling PDC on samba on Linux/Unix to trust PDC on Windows is a very interesting subject. Do you have some experience on it? Thanks! |
| eagerlinuxer 回复于:2004-11-01 05:53:47 |
| I haven't any experience on enabling PDC on samba on Linux/Unix to trust PDC on Windows ,But I very interesting the subject :). Do you have some document about it ?Could you share it to us? |
| platinum 回复于:2004-11-01 07:55:22 |
| very nice . . . |
| wmeng 回复于:2004-11-01 13:13:55 |
| 真的是非常值得称赞的文档 其实要是能多一些xUnix和Windows的混合平台应用就好了 因为大部分公司都是在一种混杂模式下工作的,怎么样的优化和利用就是非常好了 |
| platinum 回复于:2004-11-02 21:48:02 |
| http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#anon-rw |
| shayulei 回复于:2004-11-04 10:40:14 |
| 虽然看不懂怎么操作,但至少我知道LINUX或UNIX也能加入WINODWS域,谢谢 |
| stevenyj 回复于:2004-11-04 20:58:31 |
| 楼主,能不能在其他平台下运行,solaris\bsd\aix\hp-ux |
| eagerlinuxer 回复于:2004-11-09 14:47:10 |
| 其它平台我没有试过,但只要能安上samba3,而且这个平台用pam来做认证,支持NSS,那应该就可以了。 |
| flighttop 回复于:2004-11-10 01:50:09 |
| At least to say it is ok on Free BSd, Solaris 8 and Linux. |
| eagerlinuxer 回复于:2004-11-10 17:35:00 |
| 楼上的真强啊,在FreeBSD和Solaris8上都做成功了。我对Solaris不熟,FreeBSD还可以,能不能分享一下经验啊? |
| percen 回复于:2004-11-17 11:21:02 |
| 如题,请楼主帮忙,谢谢! |
| jiadingjun 回复于:2004-12-15 09:11:13 |
| 我在suse linux 9.0上 make nsswitch/pam_winbind.so 是遇到错误过不去。使用版本是3.08,不知道接下来怎么办? nsswitch/pam_winbind.c:64: error: parse error before '*' token nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:71: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:71: error: (Each undeclared identifier is reported only once nsswitch/pam_winbind.c:71: error: for each function it appears in.) nsswitch/pam_winbind.c:71: error: `PAM_CONV' undeclared (first use in this function) nsswitch/pam_winbind.c:72: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:73: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:73: error: `nargs' undeclared (first use in this function) nsswitch/pam_winbind.c:73: error: `message' undeclared (first use in this function) nsswitch/pam_winbind.c:74: error: `response' undeclared (first use in this function) nsswitch/pam_winbind.c:74: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:81: error: parse error before '*' token nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:83: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:85: error: storage size of `msg' isn't known nsswitch/pam_winbind.c:89: error: `text' undeclared (first use in this function) nsswitch/pam_winbind.c:90: error: `type' undeclared (first use in this function) nsswitch/pam_winbind.c:93: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:96: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:96: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:96: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:96: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:96: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:96: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c: In function `pam_winbind_request': nsswitch/pam_winbind.c:112: error: `PAM_SERVICE_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:127: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: In function `pam_winbind_request_log': nsswitch/pam_winbind.c:153: error: `PAM_AUTH_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:157: error: `PAM_ACCT_EXPIRED' undeclared (first use in this function) nsswitch/pam_winbind.c:161: error: `PAM_AUTHTOK_EXPIRED' undeclared (first use in this function) nsswitch/pam_winbind.c:165: error: `PAM_NEW_AUTHTOK_REQD' undeclared (first use in this function) nsswitch/pam_winbind.c:169: error: `PAM_USER_UNKNOWN' undeclared (first use in this function) nsswitch/pam_winbind.c:175: error: `PAM_IGNORE' undeclared (first use in this function) nsswitch/pam_winbind.c:178: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: In function `winbind_auth_request': nsswitch/pam_winbind.c:232: error: `PAM_AUTH_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:300: error: parse error before '*' token nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:316: error: `pass' undeclared (first use in this function) nsswitch/pam_winbind.c:322: error: `ctrl' undeclared (first use in this function) nsswitch/pam_winbind.c:322: error: `PAM_OLDAUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:322: error: `PAM_AUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:329: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:330: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:341: error: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:353: error: storage size of `msg' isn't known nsswitch/pam_winbind.c:359: error: `comment' undeclared (first use in this function) nsswitch/pam_winbind.c:361: error: `PAM_TEXT_INFO' undeclared (first use in this function) nsswitch/pam_winbind.c:369: error: `PAM_PROMPT_ECHO_OFF' undeclared (first use in this function) nsswitch/pam_winbind.c:370: error: `prompt1' undeclared (first use in this function) nsswitch/pam_winbind.c:373: error: `prompt2' undeclared (first use in this function) nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:389: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:389: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:394: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:394: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:394: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:395: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:398: error: `PAM_ERROR_MSG' undeclared (first use in this function) nsswitch/pam_winbind.c:412: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:412: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:412: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:412: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c:412: error: invalid use of undefined type `struct pam_response' nsswitch/pam_winbind.c:412: error: dereferencing pointer to incomplete type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:449: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:449: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_authenticate': nsswitch/pam_winbind.c:455: error: `PAM_AUTH_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:459: error: `argc' undeclared (first use in this function) nsswitch/pam_winbind.c:459: error: `argv' undeclared (first use in this function) nsswitch/pam_winbind.c:462: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:463: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:466: error: `PAM_SERVICE_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:475: error: `PAM_AUTHTOK_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:513: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:513: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_setcred': nsswitch/pam_winbind.c:516: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:524: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:524: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt': nsswitch/pam_winbind.c:528: error: `PAM_USER_UNKNOWN' undeclared (first use in this function) nsswitch/pam_winbind.c:531: error: `argc' undeclared (first use in this function) nsswitch/pam_winbind.c:531: error: `argv' undeclared (first use in this function) nsswitch/pam_winbind.c:534: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:535: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:538: error: `PAM_SERVICE_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:553: error: `PAM_IGNORE' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:570: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:570: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_open_session': nsswitch/pam_winbind.c:574: error: `argc' undeclared (first use in this function) nsswitch/pam_winbind.c:574: error: `argv' undeclared (first use in this function) nsswitch/pam_winbind.c:577: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:580: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:580: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_close_session': nsswitch/pam_winbind.c:584: error: `argc' undeclared (first use in this function) nsswitch/pam_winbind.c:584: error: `argv' undeclared (first use in this function) nsswitch/pam_winbind.c:587: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:592: error: Syntaxfehler before "int" nsswitch/pam_winbind.c:592: error: parse error before '*' token nsswitch/pam_winbind.c: In function `pam_sm_chauthtok': nsswitch/pam_winbind.c:597: error: `argc' undeclared (first use in this function) nsswitch/pam_winbind.c:597: error: `argv' undeclared (first use in this function) nsswitch/pam_winbind.c:612: error: `pamh' undeclared (first use in this function) nsswitch/pam_winbind.c:613: error: `PAM_SUCCESS' undeclared (first use in this function) nsswitch/pam_winbind.c:616: error: `PAM_USER_UNKNOWN' undeclared (first use in this function) nsswitch/pam_winbind.c:633: error: `flags' undeclared (first use in this function) nsswitch/pam_winbind.c:633: error: `PAM_PRELIM_CHECK' undeclared (first use in this function) nsswitch/pam_winbind.c:641: error: `PAM_BUF_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:665: error: `PAM_ACCT_EXPIRED' undeclared (first use in this function) nsswitch/pam_winbind.c:666: error: `PAM_AUTHTOK_EXPIRED' undeclared (first use in this function) nsswitch/pam_winbind.c:667: error: `PAM_NEW_AUTHTOK_REQD' undeclared (first use in this function) nsswitch/pam_winbind.c:672: error: `PAM_OLDAUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:678: error: `PAM_UPDATE_AUTHTOK' undeclared (first use in this function) nsswitch/pam_winbind.c:702: error: `PAM_AUTHTOK_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:745: error: `PAM_SERVICE_ERR' undeclared (first use in this function) make: *** [nsswitch/pam_winbind.po] Fehler 1 |
| percen 回复于:2004-12-15 09:21:25 |
| 我在RH9上配置成功.楼主发的资料有点错误,就是在配置SMB的时候设定分隔符为"/",即:winbind separator = / ,在设置分享资料夹的存取权限时就应该为"domain/users",而不是“domain+users”。只要定义的前后一致就可以了。如果winbind separator = + ,则分享资料夹的存取权限时就应该为"domain+users" |
| eagerlinuxer 回复于:2004-12-15 09:33:42 |
| [quote:09c76c5268="percen"]如题,请楼主帮忙,谢谢![/quote:09c76c5268] 你看一下smb的安装路径是不是在$PATH变量中。 |
| jiadingjun 回复于:2004-12-15 16:52:09 |
| 我是用rpm包安装的,分别安装了samba 和winbind两个包,做到第八步的时候,是下载了源代码来做的。后来试了一下3.09得到下面的错误: nu01:/tmp/samba-3.0.9/source # make nsswitch/pam_winbind.so Compiling nsswitch/pam_winbind.c with -fPIC Compiling nsswitch/wb_common.c with -fPIC Compiling lib/replace1.c with -fPIC In file included from lib/replace1.c:21: include/includes.h:926:19: proto.h: Datei oder Verzeichnis nicht gefunden make: *** [lib/replace1.po] Fehler 1 |
| 孤独的鹰 回复于:2005-04-29 16:57:56 |
| 哈哈支持一下 |
| baif 回复于:2005-07-27 11:27:49 |
| 我现在遇到一个问题,就是按照这样的配置。只有一个错误那就是: $wbinfo -u error looking up domian users. 请问这是怎么一回事阿? WINDOWS2003+CentOS-4.1 |
延伸阅读
文章来源于领测软件测试网 https://www.ltesting.net/
