[Samba] CHOWN
sandy.napoles at eccmg.cupet.cu
sandy.napoles at eccmg.cupet.cu
Thu Apr 5 08:52:25 MDT 2012
Hello list, here is the procedure to permit user create in active
directory login samba4 server, using pam_winbind
Installing and configuring
Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual
place:
1 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security
Ckeck you have a similar entry in smb.conf:
[global]
template shell = /bin/bash
2. Restart your samba 4 server
Note: The following actions can cause you not to be able to connect to
your system if you do something wrong. You are invitated to make a backup
of your previous configuration and to have a spare connection to the
server as root to be able to restore them in case of problem.
3. Files to modify:
/etc/pam.d/common-auth
Add this line before pam_unix.so:
auth sufficient pam_winbind.so
Also add the option use_first_pass to the pam_unix.so line
/etc/pam.d/common-account
Add this line before pam_unix.so:
account sufficient pam_winbind.so
/etc/pam.d/common-session
Add these lines before any other session line:
session required pam_mkhomedir.so
session required pam_winbind.so
Testing
Check that getent passwd return a correct entry:
getent passwd
...
ssh administrator at 10.0.100.1
...
It's important that the shell must be a real shell (and not /bin/false).
Check that you can connect as a non domain user (ie. root or any other
account that used before
More information about the samba
mailing list