On Tue, Aug 14, 2012 at 08:25:42PM +0200, lynn wrote:
openSUSE seems to have no way to set pam winbind settings unless you join an existing domain as a client.
What if, as in Samba4, we are already the DC? We seem to have no way of setting up pam winbind without specifically joining a domain. Ubuntu has a module where you can set pam winbind whether or not you join a domain.
The official Samba doco cites this for pam winbind: /etc/pam.d/common-auth Add this line before pam_unix.so: auth sufficient pam_winbind.so Also add the option use_first_pass to the pam_unix.so line
/etc/pam.d/common-account Add this line before pam_unix.so: account sufficient pam_winbind.so
/etc/pam.d/common-session Add these lines before any other session line: session required pam_mkhomedir.so session required pam_winbind.so
However, this does not work with 12.1 nor 12.2 RC2 since then, Kerberos authentication does not work.
Could anyone post their /etc/pam.d config for a working Samba4 DC with Kerberos and winbind? Better still, could we have a pam setup (yast maybe?) which does the same job as Ubuntu's pam-auth-config?
Please report a defect via bugzilla and assign it to Jiří Suchomel <jsuchome@suse.com>. In the defect report please add a link to this thread in the list archive. This enables Jiří to get all required information without the need of duplicating them. Be this nice and report the defect ID back to this thread as a easy clickable link. Thanks, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany