[Samba] Re: Authentication against AD?

Dimitri Yioulos dyioulos at firstbhph.com
Wed Sep 14 15:05:38 GMT 2005

On Wednesday 14 September 2005 10:21 am, you wrote:
> Could I get an example of the /etc/pam.d/login configuration for use
> with winbind?
> Dimitri Yioulos wrote:
> >On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote:
> >>Jason Gerfen wrote:
> >>>I am having a hard time getting Samba to authentication correctly
> >>>against a Windows Active Directory setup.
> >>>
> >>>       template shell = /bin/bash
> >>>       template homedir = /home/%D/%U
> >>>
> >>>I can run the net ads join command which works fine, but if I try to
> >>>authentication without a local account I am recieving errors.  Any
> >>>assistance or pointers is appreciated.
> >>
> >>If you want to avoid the use of local accounts, you also need to
> >>configure/use winbind and pam+nss_winbind
> >>
> >>-- Rex
> >
> >Rex is right.  You need to configure resolv.conf, nsswitch.conf, and
> >etc/pam.d/login.
> >
> >Dimitri


I'll do it, but you really should read Samba-3 by Example.  John H. and 
company have done an excellent job of documenting Samba configuration and 
use.  It would be better to use the mailing list after that.

That said:

auth       required     pam_securetty.so
auth    sufficient      pam_winbind.so
auth    sufficient      pam_unix.so use_first_pass
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account sufficient      pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so


More information about the samba mailing list