[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED

Oliver Werner oliver.werner at kontrast.de
Fri Sep 30 12:31:06 UTC 2016 

Hi rowland,

is pam really need?

Users should not login via terminal to this system. this is only as Samba File-Server

OLIVER WERNER
Systemadministrator



> Am 30.09.2016 um 13:51 schrieb Rowland Penny via samba <samba at lists.samba.org>:
> 
> On Fri, 30 Sep 2016 13:32:18 +0200
> Oliver Werner <oliver.werner at kontrast.de> wrote:
> 
>> the interface part is ok. eth0 has another IP as eth0:35
>> 
>> DCs show me the profiles
>> 
>> unix authentication
>> register user session in the systemd….
>> inheritable capabilities management
>> OLIVER WERNER
>> Systemadministrator
>> 
> 
> I use Devuan and I get:
> 
> Kerberos authentication
> Unix authentication
> Winbind NT/Active Directory authentication
> GNOME Keyring Daemon - Login keyring management
> ConsoleKit Session Management
> Inheritable Capabilities Management
> 
> 
> Ignore the last three.
> 
> You are only using Unix authentication on your domain member and as
> you have compiled Samba yourself, you cannot install the distro
> packages to fix the winbind part.
> 
> First install libpam-krb5, then create a
> file:   /usr/share/pam-configs/winbind
> 
> containing this:
> 
> Name: Winbind NT/Active Directory authentication
> Default: yes
> Priority: 192
> Auth-Type: Primary
> Auth:
> 	[success=end default=ignore]	pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
> Auth-Initial:
> 	[success=end default=ignore]	pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
> Account-Type: Primary
> Account:
> 	[success=end new_authtok_reqd=done default=ignore]	pam_winbind.so
> Password-Type: Primary
> Password:
> 	[success=end default=ignore]	pam_winbind.so use_authtok try_first_pass
> Password-Initial:
> 	[success=end default=ignore]	pam_winbind.so
> Session-Type: Additional
> Session:
> 	optional			pam_winbind.so
> 
> run 'pam-auth-update' again
> 
> Did you create the libnss_win* links ?
> 
> Do you require your users to have home directories on the domain
> member ?
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list