[Samba] DM and ''offline'' PAM (and NSS?)...
Marco Gaiarin
gaio at sv.lnf.it
Mon Dec 18 15:44:32 UTC 2017
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> What you show below is correct.
> In linux, DOM\user != user
I know. And i was using 'wbinfo', that, AFAIK query directly winbind
and no POSIX stuff...
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> [realms]
> SAMDOM.EXAMPLE.COM = {
> auth_to_local = RULE:[1:SAMDOM\$1]
> }
Interesting! I've looked at that in the past, but i was not interested
in SSO so i've probably skipped.
Anyway, i've tried to comment out 'winbind use default domain = yes'
and add this stanza to /etc/krb5.conf but seems does not work, eg:
root at vdmsv1:~# getent passwd gaio
root at vdmsv1:~# getent passwd LNFFVG\\gaio
LNFFVG\gaio:*:10000:10513:Marco Gaiarin:/home/gaio:/bin/bash
only the 'domainful' version of the account work.
> Now, since im not sure this works ok, i dont use it on my debian servers, i use option2.
> option2 is ignore the "not recommended setting : "winbind use default domain = yes"
Also i, option 2. ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list