[Samba] Problem with pam_winbind using 'su'

lists at zxt10d.de lists at zxt10d.de
Thu Apr 28 09:53:05 UTC 2022


Sorry, that was the wrong tab in Notepad++ ...
I tried different setting for weeks, and have chosen the wrong one :(

Here's the correct one I use:
[global]
         log file = /var/log/samba/log.%m
         logging = file
         log level = 1 auth_audit:3@/var/log/samba/samba_auth_audit.log
         max log size = 1000
         realm = %UNIVERSITY%.DE
         security = ADS
         server role = member server
         username map = /etc/samba/user.map
         workgroup = %UNIVERSITY%
         vfs objects = acl_xattr
         map acl inherit = yes
         load printers = no
         printing = bsd
         printcap name = /dev/null
         template shell = /bin/bash

That's ok, isn't it?

Now, with "template shell = /bin/bash" it works fine! :)

Thanks a lot!
Torsten


Am 28.04.2022 um 11:38 schrieb Rowland Penny via samba:
> On Thu, 2022-04-28 at 11:06 +0200, lists--- via samba wrote:
>> Sure! :)
>>
>> # Global parameters
>> [global]
>>           ldap admin dn = CN=%ADMINACCOUNT%,OU=Admin
>> Accounts,OU=Accounts,OU=_AFP,OU=_%UNIVERSITY%
>> Systeme,DC=%UNIVERSITY%,DC=de
>>           ldap debug level = 4
>>           ldap group suffix = OU=Groups,OU=AFP,OU=%UNIVERSITY%
>> Users,dc=%UNIVERSITY%,dc=de
>>           ldap machine suffix = OU=Computers,OU=_AFP,OU=_%UNIVERSITY%
>> Systeme,DC=%UNIVERSITY%,DC=de
>>           ldap suffix = DC=%UNIVERSITY%,DC=DE
>>           ldap user suffix = ou=Users,ou=AFP,ou=%UNIVERSITY%
>> Users,dc=%UNIVERSITY%,dc=de
>>           log file = /var/log/samba/log.%m
>>           logging = file
>>           log level = 1
>> auth_audit:3@/var/log/samba/samba_auth_audit.log
>>           max log size = 1000
>>           realm = %UNIVERSITY%
>>           security = ADS
>>           server role = member server
>>           username map = /etc/samba/user.map
>>           workgroup = %UNIVERSITY%
>>           idmap config * : range = 10000-9999999
>>           idmap config * : backend = autorid
>>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>>
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
> 
> As I thought (but worse), you haven't set 'template shell' so you are
> using the default 'template shell = /bin/false', that is why you get
> logged out immediately.
> 
> Now we come to the 'worse' bit. Why do you have all those useless
> 'ldap' lines ?
> 
> Rowland
>    
> 
> 



More information about the samba mailing list