AD6380+SMB3LAB26$:x:10006:10002:SMB3LAB26:/home/AD6380+SMB3LAB26_:/bin/bash
Because of the way that winbind works (namely handing out the first uid in the
range to the first domain user it has to authenticate and then storing the
mapping), the mapping between domain user and uid will not be the same on all
clients. This leads to problems if the clients are using shared file system bases
on NFS.
Important:
When winbind fails because the Kerberos connection is lost
because of time skew, the daemon has to be restarted after fixing the time
skew.
The winbind daemon will translate users and generate home directories and
shells. These home directories are not created by winbind. How to do this is
shown in 7.3.3, Winbind and home directories on page 141.
Using the winbind daemon will create the connection to the domain for
translating users. To enable domain users to log onto the Linux client we need a
change in the PAM configuration, as shown in the next section.
7.3 How to authenticate users against the domain using
PAM
Once the Linux client is part of a domain (as described in 7.1, How to join a
Windows domain on page 134) and knows about the domain accounts (as
described in 7.2, How to use winbind to make domain users known locally on
page 136) we can configure the system to allow domain accounts to log on.
Pluggable Authentication Modules (PAM) is a system for abstracting
authentication and authorization technologies. Using PAM modules it is possible
to change the way applications authenticate or authorize accounts without
having to recompile the application.
In most distributions the configuration of PAM is governed by files in /etc/pam.d/.
Usually there is one file per application. So changing authentication modes for an
application is as simple as adding a corresponding module to the config file.
Since the PAM implementation of Linux distribution differs we look at our test
distributions in detail.
Chapter 7. Integration how tos
139
footer
Our partners:
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Java Hosting
Cheapest Hosting
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved