Authorize winbind to authenticate users on the server – Using Debian in an Active Directory environment

This will allow AD accounts to logon to the machine. Edit the following files so that they look like this:

# /etc/pam.d/common-account
account    sufficient    pam_winbind.so
account    required    pam_unix.so

# /etc/pam.d/common-auth
auth    sufficient    pam_winbind.so
auth    required    pam_unix.so use_first_pass nullok_secure

# /etc/pam.d/common-session
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0066
session    sufficient    pam_winbind.so
session required    pam_unix.so

It is critical that “obey pam restrictions” is set to “yes”. in your smb.conf for these pam settings to take effect.
<–Previous Next–>
Menu

This page is part of a series named “Using Debian in an Active Directory environment”. It is meant to be followed in that context.