[Samba] ads authentication and Solaris
Greg Byshenk
samba at byshenk.net
Tue Sep 30 18:26:43 GMT 2008
On Mon, Sep 29, 2008 at 10:05:17AM -0700, William Wilson wrote:
> We have a number of Solaris servers that we run samba shares off of.
> So far, even using ads for authentication, we have to set up accounts
> so an entry is in the passwd file for the user. Is there any way to
> bypass passwd completely and just authenticate via the domain?
I'm not currently running samba on Solaris, but have been playing a
bit with using pure ADS auth on a FreeBSD machine, and it seems to
work.
What is required is to enable pam_winbind for ssh (and presumably
for anything else desired, but I've only done ssh connections so
far), set winbind for 'passwd' and 'group' entries in nsswitch.conf,
and mount /home at /home/<DOMAIN>.
Currently you have to login as <DOMAIN>\user, but I believe that
setting 'winbind use default domain = yes' in smb.conf should
allow "bare" usernames. (I haven't got so far as testing this, yet.)
--
greg byshenk - gbyshenk at byshenk.net - Leiden, NL
More information about the samba
mailing list