[Samba] pam_winbind and offline logon
Peter Milesson
miles at atmos.eu
Fri Dec 22 18:46:13 UTC 2023
On 22.12.2023 19:07, bd730c5053df9efb via samba wrote:
> Hi all!
>
> As a long slackware user I'm a total noob in pam and I'm banging my head against a wall trying to set it up correctly to play nice with slackware's default pam configuration.
>
> One of the things I'm trying to accomplish is to be able to logon while the ad domain is available and have pam_mount automount the samba shares and to be able to do an offline logon and skip the automount if the domain isn't available. Does pam_winbind export some information that could indicate if the logon was against an ad dc or using cached information that could be used to, for example, skip the pam_mount module?
>
> Thanks in advance,
> Best regards,
> Dave.
>
> Sent with Proton Mail secure email.
>
Hi Dave,
Just to make my previous answer a bit more complete. I did change a
couple of things in PAM. Somebody with more knowledge about PAM than
mine, may have something to say here. I made the following additions:
common-auth add line
===================
auth optional pam_cifscreds.so
common-session add those 2 lines
=============================
session required pam_keyinit.so
session optional pam_cifscreds.so host=myserver
Best regards,
Peter
More information about the samba
mailing list