[Samba] self compiled samba domain member, jessie, pam config
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Oct 26 19:13:00 UTC 2015
On 26/10/15 18:59, mourik jan c heupink wrote:
> Hi,
>
> I installed a debian jessie machine, compiled/installed samba 4.3.1,
> configured as a domain member server, configured winbind: all working
> nicely. Great docs on the wiki.
> (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server)
>
> One remaining thing: How do I exactly configure pam_winbind in the
> setup above?
>
> On the wiki I read that debian uses pam-auth-update. That does not
> seem to detect the winbind install. Installing doing apt-get install
> libpam-winbind wants to install the complete samba package from debian
> jessie.
>
> I have read this page also:
> https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory but it
> seems very old, and the pam files on my system look very different.
>
> Are there instructions somewhere on the wiki, or does someone have
> some notes in the subject he or she would care to share?
>
> MJ
>
OK, create a file called /usr/share/pam-configs/winbind containing this:
Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
Auth-Initial:
[success=end default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login
Account-Type: Primary
Account:
[success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
[success=end default=ignore] pam_winbind.so use_authtok
try_first_pass
Password-Initial:
[success=end default=ignore] pam_winbind.so
Session-Type: Additional
Session:
optional pam_winbind.so
See:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member#libnss_winbind
Follow the link to: https://wiki.samba.org/index.php/Libnss_winbind_links
Rowland
More information about the samba
mailing list