[Samba] Need PAM when SSH logins die after winbind added to Solaris 8 nsswitch.conf?

William Enestvedt William.Enestvedt at jwu.edu
Thu Mar 3 18:16:50 GMT 2005

I compiled Samba 3.0.12pre1 and enabled winbind in the
/etc/nsswitch.conf file on my Solaris 8 system, and now SSH connections
time out and close after the "LoginTimeout" value in sshd_config despite
successful interactive keyboard login.
   However, I don't wish to allow domain logins for SSH if I don't have
to (since no one really needs a shell on my server). Can anyone tell me
whether I _must_ re-compile Samba with "--enable-pam" and configure
/etc/pam.conf, or whether I can set sshd to ignore this? If I enable
Kerberos for SSH logins will I then side-step this problem?
   I have MIT Kerberos 1.4 getting tickets from my Active Directory
server; I compiled Samba with the flags "--with-included-popt
--with-winbind --with-ads --with-ldap --with-krb5=/usr/local/kerberos"
to the `configure` command.
Will Enestvedt
UNIX System Administrator
Johnson & Wales University -- Providence, RI

More information about the samba mailing list