[Samba] Samba as a domain member:

Rowland penny rpenny at samba.org
Wed Jun 17 10:14:23 UTC 2020

On 17/06/2020 09:42, Vieri Di Paola via samba wrote:
> Nice call. It almost worked except for a small error in 'man
> pam_winbind' -- DOMAIN\\GROUP should actually be DOMAIN\GROUP in the
> pam.d file.
Probably historic and set like that because '\' is used by Linux as an 
escape character.
> Now, I'm a bit confused.
> The pam module 'pam_winbind' is from the Samba suite.
> OpenVPN is just passing on the authentication decision to Samba.
> However, I was expecting to just use the group name without the domain
> name since I have 'winbind use default domain = yes' in smb.conf.
Reasonable assumption, but it seems you do need the domain.
> I'm asking because I have two older systems (same distro, same
> packages, but older versions) that work fine with
> 'require_membership_of=GROUP'.
> On these systems, the smb.conf is different (configured at least a year ago):
> samba-4.5.10 (also built with system-mitkrb5)

There have been a lot of changes since 4.5.x and any one of them could 
be the reason for the change.


More information about the samba mailing list