Mailinglist Archive: opensuse (770 mails)

< Previous Next >
Re: [opensuse] pam winbind settings problem
On Tue, Aug 14, 2012 at 08:25:42PM +0200, lynn wrote:

openSUSE seems to have no way to set pam winbind settings unless you
join an existing domain as a client.

What if, as in Samba4, we are already the DC? We seem to have no way
of setting up pam winbind without specifically joining a domain.
Ubuntu has a module where you can set pam winbind whether or not you
join a domain.

The official Samba doco cites this for pam winbind:
/etc/pam.d/common-auth
Add this line before pam_unix.so:
auth sufficient pam_winbind.so
Also add the option use_first_pass to the pam_unix.so line

/etc/pam.d/common-account
Add this line before pam_unix.so:
account sufficient pam_winbind.so

/etc/pam.d/common-session
Add these lines before any other session line:
session required pam_mkhomedir.so
session required pam_winbind.so

However, this does not work with 12.1 nor 12.2 RC2 since then,
Kerberos authentication does not work.

Could anyone post their /etc/pam.d config for a working Samba4 DC
with Kerberos and winbind? Better still, could we have a pam setup
(yast maybe?) which does the same job as Ubuntu's pam-auth-config?

Please report a defect via bugzilla and assign it to Jiří Suchomel
<jsuchome@xxxxxxxx>.

In the defect report please add a link to this thread in the list
archive. This enables Jiří to get all required information without the
need of duplicating them.

Be this nice and report the defect ID back to this thread as a easy
clickable link.

Thanks,

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team + SUSE Labs
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
< Previous Next >
This Thread
Follow Ups
References