[Samba] Kerberos and PAM

Dale Schroeder dale at BriannasSaladDressing.com
Fri Jan 5 22:41:30 GMT 2007


Since you are connecting to AD, I would use "security = ADS".  It is my 
understanding that Kerberos is required for AD.  If you're using linux, 
something similar to the links below should work for you.

http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

Good luck,
Dale


M Azer wrote:
> I am new to samba. I followed the docs on samba.com to configure samba as
> "domain member", security = domain, and to user winbind to authenticate
> users against windows 2003 AD. well, my question is the steps 
> mentioned the
> use of PAM to do the authentications against the AD but it doesn't 
> work - do
> I also need to configure kerberos for this type of installation?
>
> [root at itbox john]# smbclient -L testbox
> Password:
> session setup failed: *NT_STATUS_LOGON_FAILURE*
>
> client machines XP pro are able to browse the network and
> get to see my share (user share) however when i double click it i get a
> login asking for the user name and password
>
> smb.conf:
> [global]
> workgroup = CAD
> netbios name = itbox
> security = DOMAIN
> encrypt passwords = yes
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> pam.d/samba
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> auth required pam_winbind.so
> account required pam_winbind.so
> account required pam_stack.so service=system-auth
> session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth


More information about the samba mailing list