[Samba] winbind without localuser account

Mike Partyka mpartyka at gmail.com
Fri Jan 13 22:28:48 GMT 2006

wbinfo uses the winbindd daemon to query an active directory, if you get
user and group listing output from wbinfo -u/-g then it tells you it's
correctly communicating with the AD. getent is similar, but it appends the
AD accounts to your /etc/passwd and /etc/group files so indicates if the AD
accounts are appearing as local accounts.

Regarding your pam module question, i did my setup on Fedora, which has a
central pam module that all other modules refer to system-auth, which is
where i placed all my winbind changes. I know i have seen an example of the
/etc/pam.d/samba file in one of the online books at www.samba.org but i
spent 10 minutes or so looking for it without success. But there is a
searchable archive of the samba mailing list at:


I use it all the time.


On 1/11/06, Geoffrey Scott <geoffs at guestshire.com> wrote:
> Paul Matthews wrote:
> > hi there,
> >
> > i'm trying to get my winbind working without having a local account
> > on the machine, but it's just not working for me
> >
> > can someone show me an example of a pam module that requires only a
> > Active directory password.(i'm working with /etc/pam.d/dovecot)
> >
> > i can use my AD password as long as i have a local account, but i
> > don't want to have a local account.
> For samba on debian this works:
> auth            sufficient      pam_winbind.so
> auth            required        pam_unix.so nullok
> account         sufficient      pam_winbind.so
> account         required        pam_unix.so
> session         required        pam_unix.so
> password        required        pam_unix.so
> Also what do the getent & wbinfo tests show?  Do they work?
> Regards Geoff Scott
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list