Authorize winbind to authenticate users on the server – Using Debian in an Active Directory environment

This will allow AD accounts to logon to the machine. Edit the following files so that they look like this:

# /etc/pam.d/common-account
account    sufficient    pam_winbind.so
account    required    pam_unix.so
# /etc/pam.d/common-auth
auth    sufficient    pam_winbind.so
auth    required    pam_unix.so use_first_pass nullok_secure
# /etc/pam.d/common-session
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
session    sufficient    pam_winbind.so
session required    pam_unix.so

It is critical that “obey pam restrictions” is set to “yes”. in your smb.conf for these pam settings to take effect.
<–Previous Next–>
Menu

This page is part of a series named “Using Debian in an Active Directory environment”. It is meant to be followed in that context.

  1. No comments yet.

  1. No trackbacks yet.

 

Switch to our mobile site