On Sun, 25 Nov 2001, Sean Brannon wrote:
> Am I correct in my understanding that with winbindd (and PAM), I am able to
> authenticate PAM aware apps against an NT 4 domain with no passwd entries?
Yes wonce winbindd is correctly setup you can treat NT domain accounts as
local users. assign permissions to files and allow logins.
> If so, how would one get ssh working with this? I've followed the
winbindd
> how-to and haven't been able to ssh into the box with winbindd using an
> account that only resides in the domain (i.e. isn't in the passwd
file).
> Could someone please give me some pointers?
The long and the short of it (okay maybe just the short ;P)
downalod, complile and install samba 2.2.2
more details on the stuff below from: man 8 winbindd
Join thew domain
test with wbinfo -t The checks to see if winbind asn the NT network are
talking properly.
test with wbinfo -u Should give you a list of NT users
test with wbinfo -g Should give you a list of NT groups
Build and install libnss_winbind.so (should have been done as part of yourt
build)
edit /etc/nsswitch to include lines like:
passwd: files winbind
group: files winbind
finger DOMAIN\\USER
^^ Very important, read up on the winbindd seperator arg.
At this point you can use the NT network to set file ownerships etc etc.
To enable login build and install pam_winbindd
This part is OS specific BUT this is what my /etc/pam.d/login looks like:
cat /etc/pam.d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
session optional /lib/security/pam_console.so
Then just jump on the console and login as DOMAIN\USER
Cool.
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/