[Samba] winbind without localuser account

Paul Matthews paul.matthews at cathedral.qld.edu.au
Thu Jan 12 01:48:14 GMT 2006

[root at fedora pam.d]# wbinfo -g
builtin\system operators
builtin\power users
builtin\print operators
builtin\account operators
builtin\backup operators
domain guests
domain users
domain computers
etc..., etc...

i'm running fedora core 3

i've never used 'getent' before what do i do there?

but i have a local account called 'pma' with the password 'unix' set locally
and the password 'ads' set on active directory, i can set my pam module so i
can login with the username 'pma and password 'ads'. so i think my winbind
is working fine.

ps: i tried that pam module below, same thing happened i can login with my
ads password, but i need a local account without a local account it wont let

i'm using squirriel mail and '/etc/pam.d/dovecot' to test it out.

-----Original Message-----
From: Geoffrey Scott [mailto:geoffs at guestshire.com]
Sent: Thursday, 12 January 2006 11:38
To: paul.matthews at cathedral.qld.edu.au; samba at lists.samba.org
Subject: RE: [Samba] winbind without localuser account

Paul Matthews wrote:
> hi there,
> i'm trying to get my winbind working without having a local account
> on the machine, but it's just not working for me
> can someone show me an example of a pam module that requires only a
> Active directory password.(i'm working with /etc/pam.d/dovecot)
> i can use my AD password as long as i have a local account, but i
> don't want to have a local account.

For samba on debian this works:

auth            sufficient      pam_winbind.so
auth            required        pam_unix.so nullok
account         sufficient      pam_winbind.so
account         required        pam_unix.so
session         required        pam_unix.so
password        required        pam_unix.so

Also what do the getent & wbinfo tests show?  Do they work?

Regards Geoff Scott

More information about the samba mailing list