[Samba] Samba integration with AD
Emmanuel Blindauer
samba at mooby.net
Fri Mar 24 08:11:01 GMT 2006
For auth, I'll recommend you using pam_krb5 for auth, winbind will still be
sufficient for account.
btw, you didn't post your system-auth, so it isn't clear for the content
inside. be carefull about ssh, wilch does use pam only if you have
specified with UsePam (I use directly kerberos/GSSAPI auth in ssh)
Emmanuel
> The biggest issue appears to be with PAM. Local and ssh logins using
> AD_DOMAIN accounts. Neither work and fail without notification to the
> user, but the following appears in the logs:
>
> ....
> Mar 23 16:08:42 32gs sshd(pam_unix)[8586]: check pass; user unknown
> Mar 23 16:08:42 32gs sshd(pam_unix)[8586]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
> Mar 23 16:08:44 32gs sshd[8581]: error: PAM: Authentication failure for
> testuser from x.x.x.x
> # cat /etc/pam.d/login
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> # cat /etc/pam.d/samba
> #%PAM-1.0
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
>
> # cat /etc/pam.d/sshd
> #%PAM-1.0
> auth include system-auth
> auth required pam_shells.so
> auth required pam_nologin.so
> account include system-auth
> password include system-auth
> session include system-auth
>
> Anything else?
>
> Brian
More information about the samba
mailing list