Rowland Penny
2024-Nov-30 16:26 UTC
[Samba] Linux desktop setup with authentication against Samba AD DC
On Sat, 30 Nov 2024 17:14:24 +0100
Peter Milesson via samba <samba at lists.samba.org> wrote:

> Hi Rowland,
>
> I got it working under Archlinux also. Most of the work was looking
> up how to configure PAM with the pam_winbind and pam_krb5 modules.
> Not very well documented.

If by 'pam_krb5' you are referring to libpam-krb5, you do not require it, winbind will do it for you.

>
> There is a Wiki page about setting up AD integration, but it would
> imply moving the Kerberos cache file, which would break everything
> dependent on Kerberos tickets.

Which wiki page is this?

Rowland

Peter Milesson
2024-Nov-30 18:03 UTC
[Samba] Linux desktop setup with authentication against Samba AD DC
On 30.11.2024 17:26, Rowland Penny via samba wrote:
> On Sat, 30 Nov 2024 17:14:24 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>> Hi Rowland,
>>
>> I got it working under Archlinux also. Most of the work was looking
>> up how to configure PAM with the pam_winbind and pam_krb5 modules.
>> Not very well documented.
> If by 'pam_krb5' you are referring to libpam-krb5, you do not require
> it, winbind will do it for you.
>
>> There is a Wiki page about setting up AD integration, but it would
>> imply moving the Kerberos cache file, which would break everything
>> dependent on Kerberos tickets.
> Which wiki page is this?
>
> Rowland
>
>

Hi Rowland,

I haven't a deep knowledge of what packages are sufficient, and which ones are superfluous. I will test the setup without libpam-krb5.

About the wiki page, it's Archlinux' AD integration page on https://wiki.archlinux.org/title/Active_Directory_integration. I really didn't follow it, and used what I set up on Debian instead. The Archlinux pam_winbind.conf example will probably break most kerberized applications, as the place of the Kerberos ticket cache is non-standard. It would be necessary to configure all applications using cached Kerberos tickets in that case. Even Archlinux puts the Kerberos ticket cache in /tmp by default. Defaults are there for some reason...

Best regards,

Peter