Success: Samba4 alpha20 on Ubuntu Precise + Install script

steve steve at steve-ss.com
Tue May 15 06:13:05 MDT 2012 

On 05/14/2012 03:19 PM, David Feurle wrote:
>
>
> I documented the whole process of configuration/installation in a 
> script and a blog entry.
> So if you want to see what I've done (wrong?) take a look at it on 
> http://spore.sodgeit.de/sporeblog-samba4EN.html .
>
> Thanks for all your efforts on samba(4)!
>
> Best regards,
>
> David Feurle
Hi David
Thanks for a good post. It finally made us have a go at winbind and S4.

The only bit I had problems with (also on a precice DC) was the pam 
config. I kept getting locked out with the pam settings you suggested 
but this may be due to us having some ldap stuff in there too.

We ended up installing libpam-winbind using apt-get to see what it 
produced in /etc/pam.d and it came up with this:

/etc/pam.d/common-account

account    [success=2 new_authtok_reqd=done default=ignore]    pam_unix.so
account    [success=1 new_authtok_reqd=done default=ignore]    
pam_winbind.so
account    requisite            pam_deny.so
account    required            pam_permit.so
account    required            pam_krb5.so minimum_uid=1000
account    [success=ok new_authtok_reqd=done ignore=ignore 
user_unknown=ignore authinfo_unavail=ignore default=bad]    pam_ldap.so 
minimum_uid=1000

/etc/pam.d/common-auth

auth    [success=4 default=ignore]    pam_krb5.so minimum_uid=1000
auth    [success=3 default=ignore]    pam_unix.so nullok_secure 
try_first_pass
auth    [success=2 default=ignore]    pam_winbind.so krb5_auth 
krb5_ccache_type=FILE cached_login try_first_pass
auth    [success=1 default=ignore]    pam_ldap.so minimum_uid=1000 
use_first_pass
auth    requisite            pam_deny.so
auth    required            pam_permit.so
auth    optional            pam_cap.so

/etc/pam.d/common-session

session    [default=1]            pam_permit.so
session    requisite            pam_deny.so
session    required            pam_permit.so
session optional            pam_umask.so
session    optional            pam_krb5.so minimum_uid=1000
session    required    pam_unix.so
session    optional            pam_winbind.so
session    [success=ok default=ignore]    pam_ldap.so minimum_uid=1000
session    optional            pam_ck_connector.so nox11

We took a backup, deleted the Ubuntu versions of winbind and copied the 
backup back: bingo:-)

The main limitation of it for us is having to have home directories all 
in the same folder, but that's another matter. I'm sure that there's a 
simple solution to that lurking here. . .
Cheers,
Steve

More information about the samba-technical mailing list