Hello List,
Daniel Khan wrote:
When I try to sign on (su) with a windows account the follwoing happens:
# su dkhan
su: Authentication service cannot retrieve authentication info.
(Ignored)
For the archives. I was finally able to solve this problem.
It simply was
1.) a wrong order inside the pams system-auth configuration.
I now have:
# cat /etc/pam.d/system-auth
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_winbind.so debug use_first_pass
auth required pam_deny.so
accountsufficient pam_winbind.so debug
accountrequired pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
sessionrequired pam_limits.so
sessionrequired pam_unix.so
sessionoptional pam_winbind.so debug
sessionoptional pam_mkhomedir.so
This works fine and even creates the homedir as expected.
2.) a missing smb.conf shell setting for the ad users (which defaulted
to /bin/false)
I added
template shell= /bin/bash
to smb.conf
Now I'm done!
greetings
--
Daniel Khan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
