[Samba] winbind without localuser account
Mike Partyka
mpartyka at gmail.com
Fri Jan 13 22:28:48 GMT 2006
wbinfo uses the winbindd daemon to query an active directory, if you get
user and group listing output from wbinfo -u/-g then it tells you it's
correctly communicating with the AD. getent is similar, but it appends the
AD accounts to your /etc/passwd and /etc/group files so indicates if the AD
accounts are appearing as local accounts.
Regarding your pam module question, i did my setup on Fedora, which has a
central pam module that all other modules refer to system-auth, which is
where i placed all my winbind changes. I know i have seen an example of the
/etc/pam.d/samba file in one of the online books at www.samba.org but i
spent 10 minutes or so looking for it without success. But there is a
searchable archive of the samba mailing list at:
http://marc.theaimsgroup.com/?l=samba&r=1&w=2
I use it all the time.
HTH
Mike
On 1/11/06, Geoffrey Scott <geoffs at guestshire.com> wrote:
>
> Paul Matthews wrote:
> > hi there,
> >
> > i'm trying to get my winbind working without having a local account
> > on the machine, but it's just not working for me
> >
> > can someone show me an example of a pam module that requires only a
> > Active directory password.(i'm working with /etc/pam.d/dovecot)
> >
> > i can use my AD password as long as i have a local account, but i
> > don't want to have a local account.
>
> For samba on debian this works:
>
> auth sufficient pam_winbind.so
> auth required pam_unix.so nullok
> account sufficient pam_winbind.so
> account required pam_unix.so
> session required pam_unix.so
> password required pam_unix.so
>
> Also what do the getent & wbinfo tests show? Do they work?
>
> Regards Geoff Scott
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list