[Samba] Kerberos and PAM

M Azer azermina at gmail.com
Fri Jan 5 02:01:22 GMT 2007


I am new to samba. I followed the docs on samba.com to configure samba as
"domain member", security = domain, and to user winbind to authenticate
users against windows 2003 AD. well, my question is the steps mentioned the
use of PAM to do the authentications against the AD but it doesn't work - do
I also need to configure kerberos for this type of installation?

[root at itbox john]# smbclient -L testbox
Password:
session setup failed: *NT_STATUS_LOGON_FAILURE*

client machines XP pro are able to browse the network and
get to see my share (user share) however when i double click it i get a
login asking for the user name and password

smb.conf:
[global]
workgroup = CAD
netbios name = itbox
security = DOMAIN
encrypt passwords = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
auth required pam_winbind.so
account required pam_winbind.so
account required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth


More information about the samba mailing list