Hello list, here is the procedure to permit user create in active directory login samba4 server, using pam_winbind
Installing and configuring Ensure that you built Samba 4 with libpam0g-dev installed on your system. If not, install the PAM development libraries and re-compile Samba 4 from the ./configure.developer stage. Install pam_winbind.so in the usual place: 1 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security Ckeck you have a similar entry in smb.conf: [global] template shell = /bin/bash 2. Restart your samba 4 server Note: The following actions can cause you not to be able to connect to your system if you do something wrong. You are invitated to make a backup of your previous configuration and to have a spare connection to the server as root to be able to restore them in case of problem. 3. Files to modify: /etc/pam.d/common-auth Add this line before pam_unix.so: auth sufficient pam_winbind.so Also add the option use_first_pass to the pam_unix.so line /etc/pam.d/common-account Add this line before pam_unix.so: account sufficient pam_winbind.so /etc/pam.d/common-session Add these lines before any other session line: session required pam_mkhomedir.so session required pam_winbind.so Testing Check that getent passwd return a correct entry: getent passwd ... ssh administrator@10.0.100.1 ... It's important that the shell must be a real shell (and not /bin/false). Check that you can connect as a non domain user (ie. root or any other account that used before -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba