[Samba] pam_winbind and offline logon

Peter Milesson miles at atmos.eu
Fri Dec 22 18:40:19 UTC 2023



On 22.12.2023 19:07, bd730c5053df9efb via samba wrote:
> Hi all!
>
> As a long slackware user I'm a total noob in pam and I'm banging my 
> head against a wall trying to set it up correctly to play nice with 
> slackware's default pam configuration.
>
> One of the things I'm trying to accomplish is to be able to logon 
> while the ad domain is available and have pam_mount automount the 
> samba shares and to be able to do an offline logon and skip the 
> automount if the domain isn't available. Does pam_winbind export some 
> information that could indicate if the logon was against an ad dc or 
> using cached information that could be used to, for example, skip the 
> pam_mount module?
>
> Thanks in advance,
> Best regards,
> Dave.
>
> Sent with Proton Mail secure email.
>
Hi Dave,

Just a few days ago I was banging my head against a wall for 
automounting a Samba share when logging on. After a day and a half I 
realized that I had the nscd service active. If you have got that one, 
uninstall it immediately. Winbind does not work with it.

I essentially followed this article 
(https://4sysops.com/archives/linux-smb-mount-for-multiple-users/). For 
me, also a previous Slackware buff, PAM is till this day a dark cloud. 
Now I'm on Debian, with a long interlude over CentOS (that goes in a 
direction I deeply distrust).

What I setup was:

fstab line
========
//myserver/myshare      /mnt/net   cifs 
credentials=/etc/samba/.creds,multiuser,sec=ntlmssp,_netdev 0 0

creds file
=======
domain=mydomain.splat
user=myusername
pass=mypassword

HTH,

Peter




More information about the samba mailing list