[Samba] DM and ''offline'' PAM (and NSS?)...

Marco Gaiarin gaio at sv.lnf.it
Mon Dec 18 15:44:32 UTC 2017


Hello! L.P.H. van Belle via samba
  On that day it was said...

> What you show below is correct. 
> In linux, DOM\user != user

I know. And I was using 'wbinfo', which, AFAIK, queries winbind directly
and no POSIX stuff...


> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on 
> [realms]
>     SAMDOM.EXAMPLE.COM = {
>         auth_to_local = RULE:[1:SAMDOM\$1]
>     }

Interesting! I've looked at that in the past, but I was not interested
in SSO, so I probably skipped it.

Anyway, I've tried commenting out 'winbind use default domain = yes'
and adding this stanza to /etc/krb5.conf, but it does not seem to work, e.g.:

	root@vdmsv1:~# getent passwd gaio
	root@vdmsv1:~# getent passwd LNFFVG\\gaio
	LNFFVG\gaio:*:10000:10513:Marco Gaiarin:/home/gaio:/bin/bash

Only the 'domainful' version of the account works.


> Now, since I'm not sure this works OK, I don't use it on my Debian servers; I use option 2.
> Option 2 is to ignore the "not recommended" setting: "winbind use default domain = yes"

Me too, option 2. ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
