[Samba] pam settings for winbind

[Aaron Bennett]

This is more of a pam question then a samba question, but I thought I'd start here and see if I can get an answer.

I've gotten pam_winbind.so working with gdm (on RHAT 8) using the following /etc/pam.d/gdm file. I've put + signs to show the lines I added I added to the stock RHAT 8 gdm pam def.:

#%PAM-1.0
+ auth sufficient /lib/security/pam_winbind.so
+ auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
+ auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

I'd also like to configure sshd to use this winbindd. However, this /etc/pam.d/sshd file doesn't work and I can't figure out why. I've put + signs to show the lines I added I added to the stock RHAT 8 sshd pam def.


#%PAM-1.0
+ auth sufficient /lib/security/pam_winbind.so
+ auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
+ account sufficient /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so

ideas, solutions, and pointers to a FAQ or some good pam documentation are all appreciated, as I'll be the first to admit that I don't know my ass from my elbow with regards to pam.

--
Aaron Bennett
UNIX Administrator
Franklin W. Olin College of Engineering


--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba