Difference between revisions of "Linux Winbind Setup"

Installation

   sudo pacman -S krb5 samba

/etc/nsswitch.conf

Add winbind to the passwd and group lines like so:

   passwd: files winbind
   group: files winbind
   shadow: files

/etc/krb5.conf

Set the default realm to AD.PUMPINGSTATIONONE.ORG (caps matter)

   [libdefaults]
           default_realm = AD.PUMPINGSTATIONONE.ORG
           dns_lookup_realm = true
           dns_lookup_kdc = true
           ticket_lifetime = 24h
           forwardable = yes

/etc/samba/smb.conf

   [global]
   	workgroup = PS1
   	realm = AD.PUMPINGSTATIONONE.ORG
   	security = ADS
   	encrypt passwords = Yes
   	winbind enum users = Yes
   	winbind enum groups = Yes
   	winbind use default domain = Yes
   	winbind trusted domains only = No
   	winbind nss info = rfc2307
   	idmap config shortdomainname:range = 500-40000
   	idmap config shortdomainname:schema_mode = rfc2307
   	idmap config shortdomainname:backend = ad
   	idmap config *:range = 70001-80000
   	idmap config *:backend = tdb
   	template shell = /bin/bash

/etc/pam.d/system-auth

In Arch, make the following changes to system-auth

   %PAM-1.0
   
   auth      required  pam_env.so
   auth      sufficient  pam_unix.so     try_first_pass nullok
   auth      required  pam_winbind.so use_first_pass use_authtok
   auth      optional  pam_permit.so
   
   account   sufficient  pam_unix.so
   account   sufficient  pam_winbind.so use_first_pass use_authtok
   account   optional  pam_permit.so
   account   required  pam_time.so
   
   password  sufficient  pam_unix.so     try_first_pass nullok sha512 shadow
   password  sufficient  pam_winbind.so use_first_pass use_authtok
   password  optional  pam_permit.so
   
   session   required  pam_mkhomedir.so skel=/etc/skel/ umask=0022
   session   required  pam_limits.so
   session   required  pam_env.so
   session   sufficient  pam_unix.so
   session   sufficient  pam_winbind.so use_first_pass use_authtok
   session   optional  pam_permit.so