[Samba] AD integration checklist
simo
idra at samba.org
Sat Dec 9 01:58:14 GMT 2006
On Fri, 2006-12-08 at 17:35 -0600, Don Meyer wrote:
> Interestingly, I've never modified my /etc/pam.d/samba -- mainly
> because I make the modifications in /etc/pam.d/system-auth, so the
> AD-based auth can take effect for all services.
Sorry I didn't realize this was about the samba pam conf file
specifically, I'd say that for samba pam_winbindd is completely
unnecessary, system-auth is the right place for general authentication.
> The one slight hiccup I am seeing is for console logins: locally
> defined users can log onto the console successfully -- if they use
> there AD password, they are accepted on the first password prompt.
>
> However, if they use their locally defined password (shadow) at the
> console, then they are subjected to a second password prompt each time
> -- and it doesn't matter whether they enter the local password
> correctly on the first prompt, it only matters on the second one. Is
> there something about my placement/ordering above that might be
> causing this?
put the option use_first_pass on the second module in the stack, so that
it doesn't ask for a new password, but try with the one provided to the
first module.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba
mailing list