Hi everyone openSUSE seems to have no way to set pam winbind settings unless you join an existing domain as a client. What if, as in Samba4, we are already the DC? We seem to have no way of setting up pam winbind without specifically joining a domain. Ubuntu has a module where you can set pam winbind whether or not you join a domain. The official Samba doco cites this for pam winbind: /etc/pam.d/common-auth Add this line before pam_unix.so: auth sufficient pam_winbind.so Also add the option use_first_pass to the pam_unix.so line /etc/pam.d/common-account Add this line before pam_unix.so: account sufficient pam_winbind.so /etc/pam.d/common-session Add these lines before any other session line: session required pam_mkhomedir.so session required pam_winbind.so However, this does not work with 12.1 nor 12.2 RC2 since then, Kerberos authentication does not work. Could anyone post their /etc/pam.d config for a working Samba4 DC with Kerberos and winbind? Better still, could we have a pam setup (yast maybe?) which does the same job as Ubuntu's pam-auth-config? Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org