[Samba] Linux desktop setup with authentication against Samba AD DC
Peter Milesson
miles at atmos.eu
Sat Nov 30 18:03:04 UTC 2024
On 30.11.2024 17:26, Rowland Penny via samba wrote:
> On Sat, 30 Nov 2024 17:14:24 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>> Hi Rowland,
>>
>> I got it working under Archlinux also. Most of the work was looking
>> up how to configure PAM with the pam_winbind and pam_krb5 modules.
>> Not very well documented.
> If by 'pam_krb5' you are referring to libpam-krb5, you do not require
> it, winbind will do it for you.
>
>> There is a Wiki page about setting up AD integration, but it would
>> imply moving the Kerberos cache file, which would break everything
>> dependent on Kerberos tickets.
> Which wiki page is this ?
>
> Rowland
>
>
Hi Rowland,
I haven't a deep knowledge of what packages are sufficient, and which
ones are superfluous. I will test the setup without libpam-krb5.
About the wiki page, it's Archlinux' AD integration page on
https://wiki.archlinux.org/title/Active_Directory_integration. I really
didn't follow it, and used what I set up on Debian instead. The
Archlinux pam_winbind.conf example will probably break most kerberized
applications, as the place of the Kerberos ticket cache is non standard.
It would be necessary to configure all applications using cached
Kerberos tickets in that case. Even Archlinux puts the Kerberos ticket
cache in /tmp default. Defaults are there for some reason...
Best regards,
Peter
More information about the samba
mailing list