Public bug reported:

The template file winbind includes a lot of options that should be in
/etc/security/pam_winbind.conf.

Putting options in the template overwrites the option in
/etc/security/pam_winbind.conf, so, if you want for example to put the
krb5cc outside of tmp, you have to modify the file in
/usr/share/pam-configs/, then call pam-auth-update.

Files in /usr should not be touched by users, so this is not a real
solution. The correct place is /etc, in this case the configuration file
/etc/security/pam_winbind.conf.

The file in /usr should be like:

Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_winbind.so try_first_pass
Auth-Initial:
        [success=end default=ignore]    pam_winbind.so
Account-Type: Primary
Account:
        [success=end new_authtok_reqd=done default=ignore]      pam_winbind.so
Password-Type: Primary
Password:
        [success=end default=ignore]    pam_winbind.so use_authtok try_first_pass
Password-Initial:
        [success=end default=ignore]    pam_winbind.so
Session-Type: Additional
Session:
        optional        pam_winbind.so

whereas the file in /etc/security/pam_winbind.conf should be like this
to not change the effective configuration:

[global]
krb5_auth=yes
krb5_ccache_type=FILE
cached_login=yes

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: libpam-winbind

https://bugs.launchpad.net/bugs/1530929

Title:
  /usr/share/pam-configs/winbind should not include krb5_ccache_type or
  other options
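A check for the situation the report describes, added here as an example (it is not part of the bug report or of the Samba or Ubuntu packaging): it lists the pam_winbind.so arguments in a pam-configs profile that would take precedence over /etc/security/pam_winbind.conf. The profile text, the conf text and its KEYRING value are constructed samples, and treating only try_first_pass and use_authtok as arguments that belong on the module line is an assumption taken from the reporter's proposed template.

```python
import configparser

# Arguments the reporter's proposed template keeps on the module line
# (assumption: every other argument belongs in pam_winbind.conf).
STACK_ARGS = {"try_first_pass", "use_authtok"}

# Constructed sample: a profile that still carries pam_winbind options.
SAMPLE_PROFILE = """\
Name: Winbind NT/Active Directory authentication
Auth-Type: Primary
Auth:
    [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Session-Type: Additional
Session:
    optional pam_winbind.so
"""

# Constructed sample: an administrator's /etc/security/pam_winbind.conf.
SAMPLE_CONF = """\
[global]
krb5_auth = yes
krb5_ccache_type = KEYRING
"""

def module_options(profile_text):
    """Return {option: value} for pam_winbind.so arguments found in a profile."""
    opts = {}
    for line in profile_text.splitlines():
        tokens = line.split()
        if "pam_winbind.so" not in tokens:
            continue
        for arg in tokens[tokens.index("pam_winbind.so") + 1:]:
            key, _, value = arg.partition("=")
            if key not in STACK_ARGS:
                opts[key] = value or "yes"  # bare flags are recorded as "yes"
    return opts

def shadowed(profile_text, conf_text):
    """Return (option, conf_value, profile_value) for each option set in the profile."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    settings = dict(conf["global"]) if conf.has_section("global") else {}
    return [(k, settings.get(k), v)
            for k, v in sorted(module_options(profile_text).items())]

if __name__ == "__main__":
    for option, conf_value, profile_value in shadowed(SAMPLE_PROFILE, SAMPLE_CONF):
        print(f"{option}: profile sets {profile_value!r}, conf file has {conf_value!r}")
```

An empty result from `shadowed()` means the profile leaves every pam_winbind setting to the file under /etc, which is the state the report asks for.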