, Ubuntu , , , Ubuntu Winbind .
/etc/nsswitch.conf:
passwd: compat
group: compat
winbind:
passwd: compat winbind
group: compat winbind
files /etc/nsswitch.conf :
files: dns mdns4_minimal[NotFoud=return] mdns4
ubuntu server 14.04, /etc/nsswitch.conf files: dns mdns4_minimal[NotFoud=return] mdns4 : hosts: files mdns4_minimal [NOTFOUND=return] dns wins : hosts: dns mdns4_minimal[NotFoud=return] mdns4 files
, Ubuntu Winbind ,
getent passwd
getent group
/etc/passwd, , ID smb.conf . .
, , - .
Ubuntu
, ( , ), . Ubuntu PAM Winbind.
-
Ubuntu 10.04 /etc/pam.d/common-session, .. PAM :
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077
Ubuntu 13.10 /etc/lightdm/lightdm.conf/ :
greeter-show-manual-login=true
Ubuntu 9.10 ( 10.04 - ):
!
/etc/pam.d/common-auth
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth sufficient pam_winbind.so use_first_pass krb5_auth krb5_ccache_type=FILE
auth required pam_deny.so
/etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
/etc/pam.d/common-session
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional pam_ck_connector.so nox11
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
/etc/pam.d/common-password
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
|
|
password sufficient pam_winbind.so
password required pam_deny.so
, , Winbind ( 20). :
sudo bash -c "for i in 2 3 4 5; do mv /etc/rc$i.d/S20winbind /etc/rc$i.d/S99winbind; done"
( - 4) :
mv /etc/rc4.d/S20winbind /etc/rc4.d/S99winbind
winbind (, S02winbind). , ls /etc/rc{2,3,4,5}.d/ | grep winbind ( ).
, . .
-
, - , . Winbind . . [global] /etc/samba/smb.conf :
[global]
# -
winbind offline logon = yes
# , 300
winbind cache time = 300
# , , dc,
# ip,
password server = dc
. , /etc/security/pam_winbind.conf 5):
! ! , !
#
# pam_winbind configuration file
#
# /etc/security/pam_winbind.conf
#
[global]
# turn on debugging
debug = no
# request a cached login if possible
# (needs "winbind offline logon = yes" in smb.conf)
cached_login = yes
# authenticate using kerberos
krb5_auth = yes
# when using kerberos, request a "FILE" krb5 credential cache type
# (leave empty to just do krb5 authentication but not have a ticket
# afterwards)
krb5_ccache_type = FILE
# make successful authentication dependend on membership of one SID
# (can also take a name)
;require_membership_of =
silent = yes
/etc/pam.d/gnome-screensaver :
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
/etc/pam.d/common-auth:
auth optional pam_group.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so