[Samba] CHOWN

sandy.napoles at eccmg.cupet.cu sandy.napoles at eccmg.cupet.cu
Thu Apr 5 08:52:25 MDT 2012

Hello list, here is the procedure to permit user create in active
directory login samba4 server, using pam_winbind

Installing and configuring

Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual

1 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security
Ckeck you have a similar entry in smb.conf:

template shell = /bin/bash

2. Restart your samba 4 server
Note: The following actions can cause you not to be able to connect to
your system if you do something wrong. You are invitated to make a backup
of your previous configuration and to have a spare connection to the
server as root to be able to restore them in case of problem.

3. Files to modify:
        Add this line before pam_unix.so:
        auth  sufficient  pam_winbind.so
        Also add the option use_first_pass to the pam_unix.so line
        Add this line before pam_unix.so:
       account sufficient pam_winbind.so

        Add these lines before any other session line:
        session required pam_mkhomedir.so
        session required pam_winbind.so
    Check that getent passwd return a correct entry:
getent passwd
ssh administrator at

It's important that the shell must be a real shell (and not /bin/false).

    Check that you can connect as a non domain user (ie. root or any other
account that used before

More information about the samba mailing list