Re: Windows ADS

From: James Zuelow <e5z8652@zuelow.net>
Date: Tue Jun 20 2006 - 19:44:29 AKDT

On Tuesday 20 June 2006 17:04, Luke D wrote:
> I do want it to make the user account and home directory but I don't want
> to have to manual sync the users.
>

Since you already have Samba authenticating against AD, you're most of the way
there. Winbind can match a username and password. All you need to do is
tell PAM that the authenticated user can log in.

Grab the Samba howto collection and after a quick
`cp -R /etc/pam.d /root/backup-pam.d` hack away at PAM. Basically, you'll
want to put pam_winbind.so into the login, auth and session stanzas.
pam_mkhomedir.so actually makes the user directories.

The howto is here:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

There is a detailed discussion of PAM and winbind at p.578. (Or p.645 in xpdf
speak.) You can probably ignore the compile instructions, since most distros
pre-install pam_winbind.so. Also, at least in Debian, PAM isn't configured
in one monolithic file as shown in the example. There are individual files
for session, etc. The entries are the same though.

Cheers,

James
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jun 20 19:44:54 2006

This archive was generated by hypermail 2.1.8 : Tue Jun 20 2006 - 19:44:54 AKDT