[Samba] How to enable both remote and local users?

Arno Hahma arno at jyu.fi
Mon Mar 8 09:54:23 GMT 2004


On 8. Mar, 2004, at 11:26, Manfred Odenstein wrote:

> take a look in /etc/nsswitch.conf
>
> make an entry like : "passwd: files winbind" should solve your problem

I forgot to mention, that I already have it that way. No, it does not 
work.

My PAM configuration looks like this:

/etc/pam.d/samba:

#%PAM-1.0
# pam_smbpass.so authenticates against the smbpasswd file
auth       required     pam_smbpass.so nodelay
account    required     /lib/security/pam_stack.so 
service=system-auth-winbind
session    required     /lib/security/pam_stack.so 
service=system-auth-winbind
password   required     pam_smbpass.so nodelay 
smbconf=/etc/samba/smb.conf

So, this one tries to search smbpasswd first.

/etc/pam.d/system-auth-winbind:

#%PAM-1.0

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok 
use_first_pa
ss
auth        sufficient    /lib/security/pam_winbind.so
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_winbind.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok 
md5 shado
w
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so 
skel=/etc/skel/ umask=0
022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


This one tries to search /etc/passwd, failing that, goes on to winbind. 
So,
_both_ smbpasswd and /etc/passwd should be checked before winbind, but 
not avail.



>
> regards odi
--
ArNO
     2


More information about the samba mailing list