On Tue, Aug 14, 2012 at 08:25:42PM +0200, lynn wrote:
openSUSE seems to have no way to set pam winbind settings unless you join an existing domain as a client.
What if, as in Samba4, we are already the DC? We seem to have no way of setting up pam winbind without specifically joining a domain. Ubuntu has a module where you can set pam winbind whether or not you join a domain.
The official Samba doco cites this for pam winbind: /etc/pam.d/common-auth Add this line before pam_unix.so: auth sufficient pam_winbind.so Also add the option use_first_pass to the pam_unix.so line
/etc/pam.d/common-account Add this line before pam_unix.so: account sufficient pam_winbind.so
/etc/pam.d/common-session Add these lines before any other session line: session required pam_mkhomedir.so session required pam_winbind.so
However, this does not work with 12.1 nor 12.2 RC2 since then, Kerberos authentication does not work.
Could anyone post their /etc/pam.d config for a working Samba4 DC with Kerberos and winbind? Better still, could we have a pam setup (yast maybe?) which does the same job as Ubuntu's pam-auth-config?
Please report a defect via bugzilla and assign it to Jiří Suchomel