Samba Update & PAM Configuration

Latest response

Dear Team,

I'd like to ask for help regarding to a Samba update from version 3.6.9-151.el6 to the Samba release 3.6.19-45.el6 on RHEL6.4. Previous I had a configuration where the file /etc/security/pam_winbind.conf with the following entries

[global]
krb5_auth = yes
krb5_ccache_type = FILE
require_membership_of = AUSTRIA\AD_UX_Users, AUSTRIA\AD_UX_Admins

was used to restrict the access to the host to these two Active Directory groups. Unfortunately the setup routine renamed this file to pam_winbind.conf.rmpsave and the restriction isn't working anymore... I'd be greatful, if anyone can help to suggest a setting with the same funktionality.

Regards, Reinhard

Responses

Have you tried specifying a SID-value in place of the previous NTLM-style UID/GID tokens?

Thanxs for reply! After researching some hours I use the following workarround: Obviously the new Samba ignores the file pam_winbind.conf and the entry obey pam restrictions = yes in smb.conf. Therefore I added these two AD-Groups into the system-auth-ac from pam.d:

auth requisite pam_succeed_if.so user ingroup AD_UX_Users
auth sufficient pam_succeed_if.so user ingroup AD_UX_Admins

Maybe not the correct way, but I'm glad it works!
Regards, Reinhard

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.