On 04/12/2013 06:15 PM, Rowland Penny wrote:
On 12/04/13 17:01, steve wrote:
openSUSE 12.3 clients joined to a Samba4 Domain
Hi everyone
We are using the cifs multiuser option with sec=krb5. This requires
the user to have a ticket cache under /tmp
I know we can get that by using kinit, but I hear rumours that pam
can do it upon successful authentication.
Can anyone point me in the right direction?
Cheers,
Steve
Hi Steve, libpam-script, you need three scripts an auth script to get
the ticket cache, then a script to do something with it when the user
logs in and another to do something when they log out, I seem to have
this working. I tried libpam-mount, but it had a nasty habit of not
removing the mount on log off.
Rowland
Hi Rowland
I may have some good news: with recent versions of pam_krb5 and cifs it
shouldn't be necessary to do anything. You just get the cache when you
go to the share. If you can get that far of course. The reason for our
failure was:
<feel thick>
common-auth has: auth [success=2 default=ignore] pam_krb5.so
minimum_uid=1000000
Our test user was 20000
</feel thick>
So, users in the normal 3000000+ AD range get there fine:)
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
