[Samba] AD integration checklist

simo idra at samba.org
Sat Dec 9 01:58:14 GMT 2006

On Fri, 2006-12-08 at 17:35 -0600, Don Meyer wrote:
> Interestingly, I've never modified my /etc/pam.d/samba -- mainly
> because I make the modifications in /etc/pam.d/system-auth, so the
> AD-based auth can take effect for all services.

Sorry I didn't realize this was about the samba pam conf file
specifically, I'd say that for samba pam_winbindd is completely
unnecessary, system-auth is the right place for general authentication.

> The one slight hiccup I am seeing is for console logins:   locally
> defined users can log onto the console successfully --  if they use
> there AD password, they are accepted on the first password prompt.   
> However, if they use their locally defined password (shadow) at the
> console, then they are subjected to a second password prompt each time
> -- and it doesn't matter whether they enter the local password
> correctly on the first prompt, it only matters on the second one.   Is
> there something about my placement/ordering above that might be
> causing this?

put the option use_first_pass on the second module in the stack, so that
it doesn't ask for a new password, but try with the one provided to the
first module.

Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba mailing list