[Samba] pam_winbind fails to authenticate domain users on my debian wheezy domain member servers
Rowland Penny
rowlandpenny at googlemail.com
Thu Jan 9 06:22:29 MST 2014
On 09/01/14 13:05, mourik jan heupink wrote:
> Hi Rowland, list,
>
>> Yes, but you will have to be brave, stop using debian and the sernet
>> packages, download the latest Ubuntu 14.04 iso and then install samba4 &
>> sssd, this will work perfectly as a client.
>
> But I'm actually thinking about my AD controller, where I would like
> to make my AD samba4 users available as linux users as well. (as we
> use regular linux groups/users for access permissions)
>
> So, when using self-compiled samba4 (as I often see recommended here)
> I should be fine with wheezy/stock sssd, right..?
>
> MJ
Hi, the preferred practice, at the moment, would be to use the S4 AD
server just for authentication and setup separate fileservers to store
shares etc.
Having said that, if you are going to use sssd, the higher the version
the better. With the latest version (1.11.3) you only need this in
sssd.conf:
[sssd]
services = nss, pam
config_file_version = 2
domains = example.com
[nss]
[pam]
[domain/example.com]
#enumerate = true
cache_credentials = true
ldap_id_mapping = False
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
As you can see, no ranges to worry about or having to get the syntax
correct, you do not even have to map anything, much easier than winbind
etc ;-)
Rowland
More information about the samba
mailing list