[Samba] Confusion about libpam-krb5 and libpam-winbind

Matthias Kühne | Ellerhold AG matthias.kuehne at ellerhold.de
Thu Feb 17 10:12:24 UTC 2022

Hello samba-community,

on our Debian Domain members (Samba 4.14) we cant change the password of 
local (non-AD) users, because it asks for the "Current kerberos password".

Ive tracked it down to the libpam-krb5. I can up the "minimum_uid" from 
1000 to the value of my smb.conf (10000) and the problem is gone. Is 
this the correct way to fix this problem?

That leads me to a second question: What we need on these servers are 
SSH and SMB access via users from the domain. Both are using username + 
password (e. g. MY-DOMAIN\matthias.kuehne and a PW). As far as I 
understand it this is handled by libpam-winbind, correct?

libpam-krb5 would enable me to use kerberos tickets to access the file 
shares (and possibly ssh?). If I dont need that - can I uninstall it or 
does any background system of a samba domain member use this pam-module? 
Same question for a samba ad-dc!

Thanks for your time!

Matthias Kühne.

Matthias Kühne
Senior Webentwickler

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Telefax: +49 (0) 351 83933-99

Web     www.ellerhold.de
Twitter www.twitter.com/Ellerhold_AG
Youtube www.youtube.com/user/ellerholdgruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold

---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list