Authorize winbind to authenticate users on the server – Using Debian in an Active Directory environment | SurlyJake

Authorize winbind to authenticate users on the server – Using Debian in an Active Directory environment

This will allow AD accounts to logon to the machine. Edit the following files so that they look like this:

# /etc/pam.d/common-account
account    sufficient    pam_winbind.so
account    required    pam_unix.so

# /etc/pam.d/common-auth
auth    sufficient    pam_winbind.so
auth    required    pam_unix.so use_first_pass nullok_secure

# /etc/pam.d/common-session
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
session    sufficient    pam_winbind.so
session required    pam_unix.so

It is critical that “obey pam restrictions” is set to “yes”. in your smb.conf for these pam settings to take effect.
<–Previous Next–>
Menu

This page is part of a series named “Using Debian in an Active Directory environment”. It is meant to be followed in that context.

No comments yet.

TrackBack URL

No trackbacks yet.

RSS FEED

Tip Jar

Categories

FreeBSD7 (7)
FreeBSD8 (4)
Linux (28)
- Debian Etch (9)
- Debian Lenny (6)
- Debian Squeeze (1)
- Networking (2)
- Samba (4)
- Ubuntu (6)
- Ubuntu Karmic (2)
MySQL (6)
OpenOffice (1)
Pidgin (1)
shell scripting (4)
Switch Networking (1)
Uncategorized (4)
VMware (1)
windows (8)
- exchange 2007 (2)
Zabbix (2)
ZFS (2)

Copyright

Creative Commons License

The Surlyjake website content is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License

Tip Jar

Switch to our mobile site