[Samba] authentication to ADS via Kerberos at login?

Tim Jordan Timothy_Jordan at labor.state.ak.us
Fri Jun 27 19:12:28 GMT 2003 

Hello Andrew,

I'm a little stuck with my login authentication for my Samba 3 box. 
 With the new features in Samba 3 - Should I be able to provide 
username at domain & password at login that would authenticate me against 
our W2K ADS PDC and obtain my kerberos ticket?

Please advise on the suggested way to authenticate against our Active 
Directory domain at login if I'm way off base on this one.

I have included my /etc/pam.d/login & system-auth for your review.

Thank you very much,
Tim


/etc/pam.d/login
#%PAM-1.0

auth       required    /lib/security/pam_stack.so service=system-auth
auth       required    /lib/security/pam_securetty.so
auth       required    /lib/security/pam_nologin.so
account    sufficient     /lib/security/pam_winbind.so
account    required    /lib/security/pam_pwdb.so
password   required    /lib/security/pam_cracklib.so
password   required    /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required    /lib/security/pam_pwdb.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel 
umask=0022

*******************************************************************
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
account     [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/pam_krb5.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_ldap.so
**********************************************************************

More information about the samba mailing list