[Samba] pam_krb5.so in pam.d/login

Tim Jordan timothy_jordan at labor.state.ak.us
Fri Nov 7 18:54:17 GMT 2003


Does using the pam_krb5 module give the authenticated user a valid
Kerberos ticket upon logging into the domain, instead of having to run
kinit from the shell?

Tim
On Tue, 2003-11-04 at 10:53, Thron Havens wrote:
> I know that everyone is busy and there are a lot of requests here, but can
> someone give me any ideas why I can't get private shares to work? Right now
> I get prompted for a logon and password but I cannot connect. Under my
> share config I have used "user(s) = user-name", "valid users = user-name" and
> "username = user-name". None of them will let me in.
> 
>  
> 
> I'm running samba 2.5 on a FreeBSD box using winbind to do authentication
> with my PDC/BDC and I'm able to configure global shares that everyone on the
> NT network can access. 
> 
>  
> 
> SMB.conf
> 
> workgroup = domain-name
> 
> netbios name = comp-name
> 
> server string = comp-name
> 
> security = domain
> 
> log file = /var/log/sambalog.%m
> 
> encrypt passwords = yes
> 
> local master = no
> 
> os level = 0 
> 
> domain master = no
> 
> preferred master = no
> 
> wins support = no
> 
> wins server = 0.0.0.0
> 
> wins proxy = no
> 
> dns proxy = no
> 
> log level = 3 
> 
> max log size = 100000000
> 
> load printers = no
> 
>  
> 
> 
> 
> winbind uid = 10000-20000
> 
> winbind gid = 10000-20000
> 
> winbind enum users = yes
> 
> winbind enum groups = yes
> 
> winbind separator = .
> 
> winbind use default domain = yes
> 
> template homedir = /usr/share/%U
> 
> template shell = /bin/false
> 
> password server = * 
> 
> name resolve order = hosts lmhosts wins bcast
> 
> nt acl support = yes
> 
>  
> 
> [share]
> 
> comment = temporary file space
> 
> path = path
> 
> browsable = yes 
> 
> read only = no
> 
> public = yes
> 
> printable = no
> 
> writeable = yes
> 
>  
> 
> [temp]
> 
> comment = another share
> 
> path = /usr/report
> 
> username = user-name 
> 
> browsable = yes
> 
> read only = no 
> 
> #public = yes 
> 
> printable = no
> 
> writeable = yes
> 
>  
> 
> Pam.conf
> 
> auth                  required            pam_nologin.so
> no_warn
> 
> auth                  sufficient           pam_winbind.so
> 
> auth                  sufficient           pam_opie.so
> no_warn no_fake_prompts
> 
> auth                  requisite            pam_opieaccess.so        no_warn
> allow_local
> 
> #auth                sufficient           pam_krb5.so
> no_warn try_first_pass
> 
> #auth                sufficient           pam_ssh.so
> no_warn try_first_pass
> 
> auth                  required            pam_unix.so
> no_warn try_first_pass
> 
>  
> 
> # account
> 
> #account           required            pam_krb5.so
> 
> account             sufficient           pam_winbind.so
> 
> account             required            pam_unix.so
> 
>  
> 
> # session
> 
> #session           optional pam_ssh.so
> 
> session              required            pam_permit.so
> 
>  
> 
> # password
> 
> password          required            pam_permit.so
> 
>  
> 
> 
> 
> Thanks
> 
>  
> 
> Thron
> 
>  



