How-To authenticate to an NT domain

From Netatalk Wiki

Pre-requisites

Winbind

Set up winbind by editing your smb.conf file with these settings:

winbind separator = /
#winbind separator = +
#winbind separator = \
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = no
winbind nested groups = yes
winbind use default domain = yes
template shell = /bin/bash

Then join the domain:

net rpc join -U<administrator> -S<pdc>
/etc/init.d/winbind restart

To check that winbind is working:

wbinfo -t
getent passwd
getent group

You should see all the users and groups that are in the domain.

PAM

Now to PAM setup. Create a file in the pam.d folder (/etc/pam.d/ or equivalent) called netatalk with this data:

auth       required     pam_winbind.so
account    required     pam_winbind.so
session    required     pam_unix.so

Restart the atalk and winbind services. You should now be able to log in with your domain username and password through AppleTalk and have more than 8 characters ;-)
