[Samba] pam_winbind stops working when use_krb5 is enabled

Rowland penny rpenny at samba.org
Fri Feb 26 09:28:34 UTC 2021


On 26/02/2021 06:22, cn--- via samba wrote:
> Hello Tim,
> I can confirm that joining with Samba works on Centos 8. We have 5 DCs 
> and member servers running on 8.
> The only thing I have run after the join is this:
>
> authselect select winbind --force
>
> in nsswitch.conf I have this then:
>
> passwd:     files winbind systemd
> group:      files winbind systemd
>
>
> And it works.
>
> I can log in using krb by ssh. SMB works by krb also.
>
>
> Successful AuthZ: [SMB2,krb5] user [DOMAIN-02]\[XX] 
> [S-1-5-21-XXXXXXX-XXXXX-XXXXX-XXXXX].
>
> However, I am not sure how this all works together.


If you have got Samba working with kerberos on Centos 8, then you did 
better than me. I tested a Domain member on Centos 8 which worked, but 
there was no kerberos until I built the Centos 7 pam_krb5 package.

Rowland






More information about the samba mailing list