[Samba] Re: Authentication against AD?
Dimitri Yioulos
dyioulos at firstbhph.com
Wed Sep 14 15:05:38 GMT 2005
On Wednesday 14 September 2005 10:21 am, you wrote:
> Could I get an example of the /etc/pam.d/login configuration for use
> with winbind?
>
> Dimitri Yioulos wrote:
> >On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote:
> >>Jason Gerfen wrote:
> >>>I am having a hard time getting Samba to authentication correctly
> >>>against a Windows Active Directory setup.
> >>>
> >>> template shell = /bin/bash
> >>> template homedir = /home/%D/%U
> >>>
> >>>I can run the net ads join command which works fine, but if I try to
> >>>authentication without a local account I am recieving errors. Any
> >>>assistance or pointers is appreciated.
> >>
> >>If you want to avoid the use of local accounts, you also need to
> >>configure/use winbind and pam+nss_winbind
> >>
> >>-- Rex
> >
> >Rex is right. You need to configure resolv.conf, nsswitch.conf, and
> >etc/pam.d/login.
> >
> >Dimitri
Jason,
I'll do it, but you really should read Samba-3 by Example. John H. and
company have done an excellent job of documenting Samba configuration and
use. It would be better to use the mailing list after that.
That said:
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
Dimitri
More information about the samba
mailing list