Join Linux to Active Directory With Winbind - Page 2

By Carla Schroder | May 3, 2005
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Continued From Page 1

The use_first_pass argument tells PAM to re-use the previously entered password. This works only for auth and password modules.

session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 is a slick little PAM feature that creates home directories for users on the fly.

This does the same thing on Red Hat: 


#/etc/pam.d/login
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required      /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0022
session    optional     /lib/security/pam_console.so
What if you want to authenticate SSH logins via PAM? Do this in /etc/pam.d/ssh: 

auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so
auth       required     /lib/security/pam_pwdb.so use_first_pass
account    sufficient   /lib/security/pam_unix.so
account    required    /lib/security/ pam_winbind.so
session    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_winbind.so
password   required     /lib/security/pam_unix.so
password   required     /lib/security/pam_winbind.so

How to configure other services? As a general rule, stick your pam_winbind.so module next to any existing line that references a standard Linux auth, account, session, or password module. I don't promise that this will always work, but it's a good starting point. Or you can study the PAM documentation. Or wait for my detailed PAM howto.

Make sure that you do not have more than one account that has UID=0 in the password database. If there are two accounts in the passdb backend that have the same UID, winbind will break.

Now you can restart smbd and windbindd and try logging in from a Linux workstation. If you run into trouble look for help in Resources. The Samba mail list archives contain a wealth of excellent information.

Resources

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >