Update to Samba4/Winbind howto wiki page
d.dario76 at gmail.com
Mon Oct 8 07:54:31 MDT 2012
On Mon, 2012-10-08 at 14:38 +0100, Rowland Penny wrote:
> On 08/10/12 13:21, Daniele Dario wrote:
> > Hi samba team,
> > on ubuntu server (at least for 11.04) the pam_winbind.so module link
> > should be created in /lib/i386-linux-gnu/security instead
> > of /lib/security to avoid faulty messages in auth.log like
> > Oct 8 13:17:03 kdc01 sshd: PAM unable to
> > dlopen(pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared
> > object file: No such file or directory
> > Oct 8 13:17:03 kdc01 sshd: PAM adding faulty module:
> > pam_winbind.so
> > Cheers,
> > Daniele.
> Hi, I would agree with that and add that the link should be
> /lib/x86_64-linux-gnu/security/ for 64bit ubuntu systems.
> What I cannot understand is, why would anybody want their Domain Users
> to be able to ssh into the AD server?
up to now I'm trying to get rsync working between my two samba4 DCs to
keep sysvol synced and to get it I needed to set up correctly ssh+gssapi
and to debug it I got into the problem so I signaled it.
BTW in my current setup I have some users (of a restricted AD group)
allowed to ssh when they're out of office. Up to now they log in (via
ssh) to a samba3 box joined to the domain and at the login some network
shares are mounted on their home folder to allow them see the shares.
I've seen that ssh works quite fine while VPNs slow down and don't work
More information about the samba-technical