How-To authenticate to an NT domain
- You need Netatalk's PAM UAM modules. In most cases your distribution should have taken care of this.
- You also need winbind which is a part of Samba.
Set up winbind by editing your smb.conf file with these settings:

    winbind separator = /
    #winbind separator = +
    #winbind separator = \
    winbind cache time = 10
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    obey pam restrictions = no
    winbind nested groups = yes
    winbind use default domain = yes
    template shell = /bin/bash

Then join the domain:

    net rpc join -U<administrator> -S<pdc>
    /etc/init.d/winbind restart

To check to see if winbind is working:

    wbinfo -t
    getent passwd
    getent group

You should see all the users and groups that are in the domain.
Now to the PAM setup. Create a file in the pam.d folder (/etc/pam.d/ or equivalent) called netatalk with this data:

    auth required pam_winbind.so
    account required pam_winbind.so
    session required pam_unix.so

Restart the atalk and winbind services. You should now be able to log in with your domain username and password through AppleTalk and have more than 8 chars ;-)
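
A lint for the two files edited above, as an added example that is not part of the original how-to. The function names are hypothetical. The check that no local UID falls inside the "idmap uid" range is an assumption added here: a local account inside that range would share a UID with a domain user.

```shell
#!/bin/sh
# Added example: lint copies of smb.conf and the PAM file from this how-to.
# All function names are hypothetical; file paths are passed as arguments.

# Print the value of a smb.conf parameter, skipping '#' and ';' comments.
smb_get() {  # usage: smb_get "idmap uid" smb.conf
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { if (val != "") print val }' "$2"
}

# Return 0 if no account in the passwd file has a UID inside "idmap uid".
# (Assumption added here: such an overlap is treated as a misconfiguration.)
idmap_clear_of_local_uids() {  # usage: ... smb.conf passwd-file
    range=$(smb_get "idmap uid" "$1")
    lo=${range%%-*}; hi=${range##*-}
    for n in "$lo" "$hi"; do
        case "$n" in ''|*[!0-9]*) echo "bad idmap uid: '$range'" >&2; return 2;; esac
    done
    [ "$lo" -lt "$hi" ] || { echo "idmap uid range is empty" >&2; return 2; }
    awk -F: -v lo="$lo" -v hi="$hi" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 {
            print "local user " $1 " (uid " $3 ") is inside idmap range"; bad = 1 }
        END { exit bad + 0 }' "$2" >&2
}

# Return 0 if the PAM file has uncommented auth and account lines for
# pam_winbind.so with a "required" or "requisite" control flag.
pam_uses_winbind() {  # usage: pam_uses_winbind pam-file
    for kind in auth account; do
        awk -v t="$kind" '
            /^[ \t]*#/ { next }
            $1 == t && ($2 == "required" || $2 == "requisite") &&
                $3 == "pam_winbind.so" { ok = 1 }
            END { exit !ok }' "$1" ||
            { echo "no $kind line for pam_winbind.so" >&2; return 1; }
    done
}

# Run all checks when called as: script smb.conf passwd-file pam-file
if [ "$#" -eq 3 ]; then
    idmap_clear_of_local_uids "$1" "$2" && pam_uses_winbind "$3" && echo "OK"
fi
```

Called with the three paths (for example smb.conf, /etc/passwd and /etc/pam.d/netatalk), it prints OK only when both checks pass.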