I'm having a heck of a time getting my 3.0.10 install to authenticate users
with krb5. Couple of things:
1) First off, after my --with-pam installation, I didn't have a
/etc/pam.d/samba file, which was a little disconcerting. Figured maybe its
no big deal, I'll just make my own. I couldn't find any good examples
unfortunately, so here is what I pieced together:
auth required pam_krb5.so
account required pam_krb5.so
session required pam_krb5.so
password required pam_krb5.so
2) Then I added "obey pam restrictions = yes" to my smb.conf.
3) I sit down at a Windows box, get a ticket from my Heimdal KDC, try to
connect to my samba share, and I get prompted for a password. Obviously
this wasn't the desired effect. At least samba is actually running and
responding, just not the way I had hoped.
Couple of questions I guess.
Do I need to set up anything special in my samba server's krb5.keytab? It
currently just has a host/FQDN entry.
Did I bungle the pam.d/samba file?
Is there something else I need to do to make samba use PAM (specifically,
the krb5 module)? I'm not using LDAP or ADS, just Kerberos.
Thanks a bunch.
