[Samba] Problem with pam_winbind using 'su'
Rowland Penny
rpenny at samba.org
Thu Apr 28 09:38:35 UTC 2022
On Thu, 2022-04-28 at 11:06 +0200, lists--- via samba wrote:
> Sure! :)
>
> # Global parameters
> [global]
> ldap admin dn = CN=%ADMINACCOUNT%,OU=Admin
> Accounts,OU=Accounts,OU=_AFP,OU=_%UNIVERSITY%
> Systeme,DC=%UNIVERSITY%,DC=de
> ldap debug level = 4
> ldap group suffix = OU=Groups,OU=AFP,OU=%UNIVERSITY%
> Users,dc=%UNIVERSITY%,dc=de
> ldap machine suffix = OU=Computers,OU=_AFP,OU=_%UNIVERSITY%
> Systeme,DC=%UNIVERSITY%,DC=de
> ldap suffix = DC=%UNIVERSITY%,DC=DE
> ldap user suffix = ou=Users,ou=AFP,ou=%UNIVERSITY%
> Users,dc=%UNIVERSITY%,dc=de
> log file = /var/log/samba/log.%m
> logging = file
> log level = 1
> auth_audit:3@/var/log/samba/samba_auth_audit.log
> max log size = 1000
> realm = %UNIVERSITY%
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> workgroup = %UNIVERSITY%
> idmap config * : range = 10000-9999999
> idmap config * : backend = autorid
>
> vfs objects = acl_xattr
> map acl inherit = yes
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
As I thought (but worse), you haven't set 'template shell' so you are
using the default 'template shell = /bin/false', that is why you get
logged out immediately.
Now we come to the 'worse' bit. Why do you have all those useless
'ldap' lines ?
Rowland
More information about the samba
mailing list