On Fri, 2006-12-08 at 17:35 -0600, Don Meyer wrote: > Interestingly, I've never modified my /etc/pam.d/samba -- mainly > because I make the modifications in /etc/pam.d/system-auth, so the > AD-based auth can take effect for all services.
Sorry I didn't realize this was about the samba pam conf file specifically, I'd say that for samba pam_winbindd is completely unnecessary, system-auth is the right place for general authentication. > The one slight hiccup I am seeing is for console logins: locally > defined users can log onto the console successfully -- if they use > there AD password, they are accepted on the first password prompt. > > However, if they use their locally defined password (shadow) at the > console, then they are subjected to a second password prompt each time > -- and it doesn't matter whether they enter the local password > correctly on the first prompt, it only matters on the second one. Is > there something about my placement/ordering above that might be > causing this? put the option use_first_pass on the second module in the stack, so that it doesn't ask for a new password, but try with the one provided to the first module. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
