thr3ads.net - samba - [Samba] authentication to ADS via Kerberos at login? [Jun 2003]

If this information is useful, please help other people find it:
Share via:

Tim Jordan

2003-Jun-27 19:12 UTC

[Samba] authentication to ADS via Kerberos at login?

Hello Andrew,

I'm a little stuck with my login authentication for my Samba 3 box. 
 With the new features in Samba 3 - Should I be able to provide 
username@domain & password at login that would authenticate me against 
our W2K ADS PDC and obtain my kerberos ticket?

Please advise on the suggested way to authenticate against our Active 
Directory domain at login if I'm way off base on this one.

I have included my /etc/pam.d/login & system-auth for your review.

Thank you very much,
Tim


/etc/pam.d/login
#%PAM-1.0

auth       required    /lib/security/pam_stack.so service=system-auth
auth       required    /lib/security/pam_securetty.so
auth       required    /lib/security/pam_nologin.so
account    sufficient     /lib/security/pam_winbind.so
account    required    /lib/security/pam_pwdb.so
password   required    /lib/security/pam_cracklib.so
password   required    /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required    /lib/security/pam_pwdb.so
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel 
umask=0022

*******************************************************************
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
account     [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/pam_krb5.so

password    required      /lib/security/pam_cracklib.so retry=3 typepassword   
sufficient    /lib/security/pam_unix.so nullok use_authtok
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_ldap.so
**********************************************************************

Possibly Parallel Threads

Search for more possibly parallel threads

samba - Jun 2003 - authentication to ADS via Kerberos at login?

[Samba] authentication to ADS via Kerberos at login?

Possibly Parallel Threads

Wisdom of the Ancients