[Samba] Confusion about libpam-krb5 and libpam-winbind
Matthias Kühne | Ellerhold AG
matthias.kuehne at ellerhold.de
Thu Feb 17 10:12:24 UTC 2022
Hello samba-community,
on our Debian Domain members (Samba 4.14) we cant change the password of
local (non-AD) users, because it asks for the "Current kerberos password".
Ive tracked it down to the libpam-krb5. I can up the "minimum_uid" from
1000 to the value of my smb.conf (10000) and the problem is gone. Is
this the correct way to fix this problem?
That leads me to a second question: What we need on these servers are
SSH and SMB access via users from the domain. Both are using username +
password (e. g. MY-DOMAIN\matthias.kuehne and a PW). As far as I
understand it this is handled by libpam-winbind, correct?
libpam-krb5 would enable me to use kerberos tickets to access the file
shares (and possibly ssh?). If I dont need that - can I uninstall it or
does any background system of a samba domain member use this pam-module?
Same question for a samba ad-dc!
Thanks for your time!
Matthias Kühne.
--
Matthias Kühne
Senior Webentwickler
Datenschutzbeauftragter
Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul
Telefon: +49 (0) 351 83933-61
Telefax: +49 (0) 351 83933-99
Web www.ellerhold.de
Twitter www.twitter.com/Ellerhold_AG
Youtube www.youtube.com/user/ellerholdgruppe
Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold
---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.
Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/
This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.
You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
More information about the samba
mailing list