winbind authentication the module has to be added to the configuration file in 
/etc/pam.d.
We take the configuration file for sshd as an example. After incorporating the 
pam_winbind.so module the file looks like Example 7 9.
Example 7 9   Configuration file /etc/pam.d/sshd after incorporating winbind
#%PAM 1.0
auth sufficient
pam_winbind.so
auth
required     
pam_unix2.so use_first_pass # set_secrpc
auth
required        pam_nologin.so
auth
required        pam_env.so
account required 
pam_unix2.so
account
sufficient
pam_winbind.so
account
required
pam_nologin.so
password required pam_pwcheck.so
password required pam_unix2.souse_first_pass 
use_authtok
session
required 
pam_unix2.sonone # trace or debug
session
required pam_limits.so
For every PAM enabled application that you want to enable for domain users, 
both the auth and account line for pam_winbind.so have to be added (before the 
nologin lines). Also to prevent a double password prompt the parameter 
use_first_pass should be added to any pam module needing a password in the 
configuration file apart from the pam_winbind.so module.
7.3.3  Winbind and home directories
Winbind enabled users do not exist on the client locally. The winbind 
configuration in /etc/samba/smb.conf tells the system which shell to use and 
where the home directory of the user is located (this function is performed by the 
/etc/passwd file for local users). However the home directory is not created by 
winbind. 
This problem can be solved in a number of ways:
Create all possible home directories (empty) on all clients.
Create all home directories on a server file system that is mounted on all 
clients (either through SMB or NFS).
Use the pam_mkhomedir.so module to create a home directory at first logon.
The first two options seem straightforward to implement but lead to management 
issues every time a user is added to the domain. The last option is seen as a 
best practice and consists of adding a line to the PAM configuration files that will 
 Chapter 7. Integration how tos 
141






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

spain web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved