[Samba] DM and ''offline'' PAM (and NSS?)...

L.P.H. van Belle belle at bazuin.nl
Mon Dec 18 15:02:24 UTC 2017


What you show below is correct. 

In Linux, DOM\user != user

If you want that, see: 
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on 

[realms]
    SAMDOM.EXAMPLE.COM = {
        auth_to_local = RULE:[1:SAMDOM\$1]
    }

Now, since I'm not sure this works OK, I don't use it on my Debian servers; I use option 2. 

Option 2 is to ignore the "not recommended" setting: "winbind use default domain = yes" 


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Marco Gaiarin via samba
> Sent: Monday 18 December 2017 15:52
> To: samba at lists.samba.org
> Subject: Re: [Samba] DM and ''offline'' PAM (and NSS?)...
> 
> 
> > I've seen:
> > 	https://wiki.samba.org/index.php/PAM_Offline_Authentication
> 
> I've tried to enable offline logon, and it seems to work as expected.
> 
> I've only found a little strange thing, I think related to the fact
> that in my DM I've set 'winbind use default domain = yes'.
> 
> 
> Following the wiki, I've enabled offline logon and then done:
> 
> ['smbcontrol winbind online']
>  root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
>  Enter LNFFVG\gaio's password: 
>  plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE)
>  credentials were put in: FILE:/tmp/krb5cc_0
> 
> ['smbcontrol winbind offline']
>  root@vdmsv1:~# wbinfo -K LNFFVG\\gaio
>  Enter LNFFVG\gaio's password: 
>  plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE)
>  user_flgs: NETLOGON_CACHED_ACCOUNT
>  credentials were put in: FILE:/tmp/krb5cc_0
> 
> Good. But still in 'smbcontrol winbind offline' I've also done a:
> 
>  root@vdmsv1:~# wbinfo -K gaio
>  Enter gaio's password: 
>  plaintext kerberos password authentication for [gaio] succeeded (requesting cctype: FILE)
>  credentials were put in: FILE:/tmp/krb5cc_0
> 
> and there's no 'user_flgs'. Boh...
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
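
The name mismatch discussed at the top of this message (DOM\user != user) and the two ways around it, worked through as an added example; this is not code from the thread, from Samba or from MIT Kerberos. It handles only the selection-only rule form RULE:[n:fmt] quoted above, treats the rule as applying to principals in the realm whose section holds it (an assumption), and uses a constructed user "alice".

```python
import re

# Selection-only form, as in the rule quoted in this thread: RULE:[n:fmt]
RULE_RE = re.compile(r"^RULE:\[(\d+):([^\]]*)\]$")
REALM = "SAMDOM.EXAMPLE.COM"          # realm from the krb5.conf snippet
RULE = r"RULE:[1:SAMDOM\$1]"          # rule from the krb5.conf snippet

def parse_principal(principal):
    """Split 'comp1/comp2@REALM' into (list of components, realm)."""
    name, _, realm = principal.rpartition("@")
    if not name or not realm:
        raise ValueError("expected name@REALM, got %r" % principal)
    return name.split("/"), realm

def auth_to_local(principal, rule=RULE, rule_realm=REALM):
    """Return the local name the rule produces, or None if it does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("only RULE:[n:fmt] is handled here")
    want, fmt = int(m.group(1)), m.group(2)
    comps, realm = parse_principal(principal)
    # Assumption: the rule applies to its own realm; it needs exactly n components.
    if realm != rule_realm or len(comps) != want:
        return None
    values = [realm] + comps              # $0 = realm, $1..$n = components
    return re.sub(r"\$(\d)", lambda d: values[int(d.group(1))], fmt)

def default_local(principal, default_realm=REALM):
    """Default mapping: a one-component principal in the default realm maps to its name."""
    comps, realm = parse_principal(principal)
    return comps[0] if realm == default_realm and len(comps) == 1 else None

def winbind_name(user, domain="SAMDOM", use_default_domain=False):
    """Account name winbind presents for a user of the default domain."""
    return user if use_default_domain else domain + "\\" + user

def compare(user="alice"):                # "alice" is a constructed sample user
    principal = "%s@%s" % (user, REALM)
    return {
        "rule + domain-qualified names": auth_to_local(principal) == winbind_name(user),
        "default + domain-qualified names": default_local(principal) == winbind_name(user),
        "default + use default domain": default_local(principal) == winbind_name(user, use_default_domain=True),
    }

if __name__ == "__main__":
    for case, ok in compare().items():
        print("%-34s %s" % (case, "names match" if ok else "names differ"))
```

Only the middle case differs: without either the rule or 'winbind use default domain = yes', the Kerberos local name and the winbind account name are two different strings.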



