Mailinglist Archive: opensuse (770 mails)

< Previous Next >
Re: [opensuse] pam winbind settings problem
On Tue, Aug 14, 2012 at 08:25:42PM +0200, lynn wrote:

openSUSE seems to have no way to set pam winbind settings unless you
join an existing domain as a client.

What if, as in Samba4, we are already the DC? We seem to have no way
of setting up pam winbind without specifically joining a domain.
Ubuntu has a module where you can set pam winbind whether or not you
join a domain.

The official Samba doco cites this for pam winbind:
Add this line before
auth sufficient
Also add the option use_first_pass to the line

Add this line before
account sufficient

Add these lines before any other session line:
session required
session required

However, this does not work with 12.1 nor 12.2 RC2 since then,
Kerberos authentication does not work.

Could anyone post their /etc/pam.d config for a working Samba4 DC
with Kerberos and winbind? Better still, could we have a pam setup
(yast maybe?) which does the same job as Ubuntu's pam-auth-config?

Please report a defect via bugzilla and assign it to Jiří Suchomel

In the defect report please add a link to this thread in the list
archive. This enables Jiří to get all required information without the
need of duplicating them.

Be this nice and report the defect ID back to this thread as a easy
clickable link.


Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team + SUSE Labs
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
< Previous Next >
This Thread
Follow Ups