[Samba] Re: Authentication against AD?

Jason Gerfen jason.gerfen at scl.utah.edu
Wed Sep 14 15:11:46 GMT 2005 

I just wanted to make sure what I have currently is accurate for the 
/etc/pam.d/login, which according to what you sent me and the HOWTO you 
refered me to it is.

For some reason I have still having problems.  Would it matter if I had 
a non-traditional active directory schema (was modified to include unix 
services)?

Dimitri Yioulos wrote:

>On Wednesday 14 September 2005 10:21 am, you wrote:
>  
>
>>Could I get an example of the /etc/pam.d/login configuration for use
>>with winbind?
>>
>>Dimitri Yioulos wrote:
>>    
>>
>>>On Tuesday 13 September 2005 3:58 pm, Rex Dieter wrote:
>>>      
>>>
>>>>Jason Gerfen wrote:
>>>>        
>>>>
>>>>>I am having a hard time getting Samba to authentication correctly
>>>>>against a Windows Active Directory setup.
>>>>>
>>>>>      template shell = /bin/bash
>>>>>      template homedir = /home/%D/%U
>>>>>
>>>>>I can run the net ads join command which works fine, but if I try to
>>>>>authentication without a local account I am recieving errors.  Any
>>>>>assistance or pointers is appreciated.
>>>>>          
>>>>>
>>>>If you want to avoid the use of local accounts, you also need to
>>>>configure/use winbind and pam+nss_winbind
>>>>
>>>>-- Rex
>>>>        
>>>>
>>>Rex is right.  You need to configure resolv.conf, nsswitch.conf, and
>>>etc/pam.d/login.
>>>
>>>Dimitri
>>>      
>>>
>
>Jason,
>
>I'll do it, but you really should read Samba-3 by Example.  John H. and 
>company have done an excellent job of documenting Samba configuration and 
>use.  It would be better to use the mailing list after that.
>
>That said:
>
>#%PAM-1.0
>auth       required     pam_securetty.so
>auth    sufficient      pam_winbind.so
>auth    sufficient      pam_unix.so use_first_pass
>auth       required     pam_stack.so service=system-auth
>auth       required     pam_nologin.so
>account sufficient      pam_winbind.so
>account    required     pam_stack.so service=system-auth
>password   required     pam_stack.so service=system-auth
>session    required     pam_stack.so service=system-auth
>session    optional     pam_console.so
>
>Dimitri
>  
>


-- 
Jason Gerfen
Student Computing Labs, University Of Utah
jason.gerfen at scl.utah.edu

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK

More information about the samba mailing list