[Samba] winbind when machine account is not allowed to read users from ad
steve
steve at steve-ss.com
Wed Dec 4 04:21:56 MST 2013
On Wed, 2013-12-04 at 11:57 +0100, Stefan Heß wrote:
> I don't know what the difference was the generated pam_krb5 stack from
> yesterday and the one half an hour ago?
Hi
We don't know either because we have neither the 'generated pam-krb5
stack yesterday', nor 'the one half an hour ago'!
Just a guess, but it seems that your stack is in the wrong order. Here
are a few guidelines, again I'm guessing, but winbind as isn't grabbing
you as you're falling through to the plain unix auth so try:
common-auth
Add before pam_unix.so:
auth sufficient pam_winbind.so use_first_pass
common-account
Add before pam_unix.so:
account sufficient pam_winbind.so
common-session
Add at the start
session required pam_winbind.so
BE CAREFUL: Have a few root terminals open if you're gonna test
this. . .
Steve
More information about the samba
mailing list