[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 9 06:22:29 MST 2014


On 09/01/14 13:05, mourik jan heupink wrote:
> Hi Rowland, list,
>
>> Yes, but you will have to be brave, stop using debian and the sernet
>> packages, download the latest Ubuntu 14.04 iso and then install samba4 &
>> sssd, this will work perfectly as a client.
>
> But I'm actually thinking about my AD controller, where I would like 
> to make my AD samba4 users available as linux users as well. (as we 
> use regular linux groups/users for access permissions)
>
> So, when using self-compiled samba4 (as I often see recommended here) 
> I should be fine with wheezy/stock sssd, right..?
>
> MJ

Hi, the preferred practice, at the moment, would be to use the S4 AD 
server just for authentication and set up separate fileservers to store 
shares etc.
Having said that, if you are going to use sssd, the higher the version 
the better. With the latest version (1.11.3) you only need this in 
sssd.conf:

[sssd]
services = nss, pam
config_file_version = 2
domains = example.com

[nss]

[pam]

[domain/example.com]
#enumerate = true
cache_credentials = true
ldap_id_mapping = False
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad

As you can see, no ranges to worry about or having to get the syntax 
correct, you do not even have to map anything, much easier than winbind 
etc ;-)

Rowland
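
A review aid for the configuration in the message above, added here as an example and not part of the original post: it parses sssd.conf text and reports the settings an administrator would want to confirm before rollout. The names audit_sssd_conf and mode_is_private are hypothetical, and the ldap_id_mapping default of true assumes the AD provider.

```python
import configparser
import stat

# Constructed sample input: the settings from the message above.
SAMPLE = """\
[sssd]
services = nss, pam
config_file_version = 2
domains = example.com
[nss]
[pam]
[domain/example.com]
#enumerate = true
cache_credentials = true
ldap_id_mapping = False
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
"""

def audit_sssd_conf(text):
    """Return review findings for sssd.conf content passed as a string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    listed = cp.get("sssd", "domains", fallback="")
    for name in filter(None, (d.strip() for d in listed.split(","))):
        sec = "domain/" + name
        if not cp.has_section(sec):
            findings.append(f"{name}: listed in [sssd] but [{sec}] is missing")
            continue
        dom = cp[sec]
        if "id_provider" not in dom:
            findings.append(f"{name}: id_provider is not set")
        if not dom.getboolean("ldap_id_mapping", fallback=True):  # assumed AD default
            findings.append(f"{name}: IDs come from uidNumber/gidNumber in AD")
        if dom.getboolean("cache_credentials", fallback=False):
            findings.append(f"{name}: credential hashes are cached for offline login")
        if dom.getboolean("enumerate", fallback=False):
            findings.append(f"{name}: enumerate is on, every user and group is listed")
        if dom.get("access_provider") == "ad" and "ad_access_filter" not in dom:
            findings.append(f"{name}: no ad_access_filter limits who may log in")
    return findings

def mode_is_private(st_mode):
    """True when group and other have no access bits (e.g. 0600)."""
    return stat.S_IMODE(st_mode) & 0o077 == 0
```

mode_is_private takes the st_mode that os.stat returns for the sssd.conf file; SSSD expects that file to be accessible by its owner only.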

