[Samba] CHOWN

[sandy.napoles at eccmg.cupet.cu]

Hello list, here is the procedure to permit user create in active
directory login samba4 server, using pam_winbind

Installing and configuring

Ensure that you built Samba 4 with libpam0g-dev installed on your system.
If not, install the PAM development libraries and re-compile Samba 4 from
the ./configure.developer stage. Install pam_winbind.so in the usual
place:

1 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security
Ckeck you have a similar entry in smb.conf:

[global]
template shell = /bin/bash

2. Restart your samba 4 server
Note: The following actions can cause you not to be able to connect to
your system if you do something wrong. You are invitated to make a backup
of your previous configuration and to have a spare connection to the
server as root to be able to restore them in case of problem.

3. Files to modify:
    /etc/pam.d/common-auth
        Add this line before pam_unix.so:
        auth  sufficient  pam_winbind.so
        Also add the option use_first_pass to the pam_unix.so line
    /etc/pam.d/common-account
        Add this line before pam_unix.so:
       account sufficient pam_winbind.so
    /etc/pam.d/common-session

        Add these lines before any other session line:
        session required pam_mkhomedir.so
        session required pam_winbind.so
Testing
    Check that getent passwd return a correct entry:
getent passwd
...
ssh administrator at 10.0.100.1
...

It's important that the shell must be a real shell (and not /bin/false).

    Check that you can connect as a non domain user (ie. root or any other
account that used before