Linux Winbind Setup: Difference between revisions

From PS:1 Wiki Dev
Jump to navigationJump to search
Newer edit →
Content deleted Content added
VisualWikitext
creation of winbind setup howto
 
Added pam config
Line 39: Line 39:
idmap config *:range = 70001-80000
idmap config *:range = 70001-80000
idmap config *:backend = tdb
idmap config *:backend = tdb
template shell = /bin/bash
template shell = /bin/bash

== /etc/pam.d/system-auth ==
In Arch, make the following changes to system-auth

#%PAM-1.0
auth required pam_env.so
'''auth sufficient pam_winbind.so'''
auth required pam_unix.so try_first_pass nullok
auth optional pam_permit.so
'''account sufficient pam_winbind.so'''
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password required pam_unix.so try_first_pass nullok sha512 shadow
password optional pam_permit.so
'''session required pam_mkhomdir.so'''
'''session required pam_winbind.so'''
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so

Revision as of 04:22, 27 August 2013

Installation

   sudo pacman -S krb5 samba

/etc/nsswitch.conf

Add winbind to the passwd and group lines like so: 

   passwd: files winbind
   group: files winbind
   shadow: files

/etc/krb5.conf

Set the default realm to AD.PUMPINGSTATIONONE.ORG (caps matter) 

   [libdefaults]
           default_realm = AD.PUMPINGSTATIONONE.ORG
           dns_lookup_realm = true
           dns_lookup_kdc = true
           ticket_lifetime = 24h
           forwardable = yes

/etc/samba/smb.conf

   [global]
   	workgroup = PS1
   	realm = AD.PUMPINGSTATIONONE.ORG
   	security = ADS
   	encrypt passwords = Yes
   	winbind enum users = Yes
   	winbind enum groups = Yes
   	winbind use default domain = Yes
   	winbind trusted domains only = No
   	winbind nss info = rfc2307
   	idmap config shortdomainname:range = 500-40000
   	idmap config shortdomainname:schema_mode = rfc2307
   	idmap config shortdomainname:backend = ad
   	idmap config *:range = 70001-80000
   	idmap config *:backend = tdb
   	template shell = /bin/bash

/etc/pam.d/system-auth

In Arch, make the following changes to system-auth 

   #%PAM-1.0
   
   auth      required  pam_env.so
   auth      sufficient pam_winbind.so
   auth      required  pam_unix.so     try_first_pass nullok
   auth      optional  pam_permit.so
   
   account   sufficient pam_winbind.so
   account   required  pam_unix.so
   account   optional  pam_permit.so
   account   required  pam_time.so
   
   password  required  pam_unix.so     try_first_pass nullok sha512 shadow
   password  optional  pam_permit.so
   
   session   required pam_mkhomdir.so
   session   required pam_winbind.so
   session   required  pam_limits.so
   session   required  pam_env.so
   session   required  pam_unix.so
   session   optional  pam_permit.so
Retrieved from "https://wiki-dev.pumpingstationone.org/mediawiki/index.php?title=Linux_Winbind_Setup&oldid=9740"