= Introduction =

Many services (such as the database server) use PAM for authentication. In this tutorial, we will set up our primary server to use our Active Directory as an authentication source for PAM.

= Edit the /etc/pam.d/service file =

We need to modify the '''/etc/pam.d/service''' file on our server to make use of the winbind service. We can do that using the following command:

{{{
# sudo nano /etc/pam.d/service
}}}

We need to edit that file to have the following. The `+++` prefix marks the pam_winbind lines; it is not part of the PAM syntax.

{{{
...
auth required pam_env.so
auth sufficient pam_unix2.so
+++ auth required pam_winbind.so use_first_pass
account requisite pam_unix2.so
+++ account required pam_winbind.so use_first_pass
+++ password sufficient pam_winbind.so
password requisite pam_pwcheck.so cracklib
password required pam_unix2.so use_authtok
session required pam_unix2.so
+++ session required pam_winbind.so
...
}}}

Save the file.

= Edit the /etc/security/pam_winbind.conf file =

We need to modify the '''/etc/security/pam_winbind.conf''' file on our server to configure the winbind service. We can do that using the following command:

{{{
# sudo nano /etc/security/pam_winbind.conf
}}}

We need to edit that file to have the following:

{{{
# pam_winbind reads its options from the [global] section.
[global]
# Gives debugging output to syslog. Defaults to "no".
debug = no
# Gives detailed PAM state debugging output to syslog. Defaults to "no".
debug_state = no
# Must be a member of the users group to access the server.
require_membership_of = OFFICE.LAN\users
try_first_pass = yes
# Authenticate using Kerberos and Active Directory.
krb5_auth = yes
krb5_ccache_type =
cached_login = no
silent = no
mkhomedir = yes
warn_pwd_expire = 21
}}}

Save the file. PAM should now authenticate against your Active Directory.
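
How the control flags in the /etc/pam.d/service stack above resolve, as an added example that is not part of the original tutorial: a small Python model of the required/requisite/sufficient rules applied to the page's auth and account lines. The per-module outcomes passed to `evaluate` are assumed inputs, and the model ignores `optional` and bracketed controls.

```python
# Added example: a model of Linux-PAM control flags, not a PAM implementation.
# STACK is the page's service file (auth and account lines) without the +++ markers.
STACK = """\
auth     required   pam_env.so
auth     sufficient pam_unix2.so
auth     required   pam_winbind.so use_first_pass
account  requisite  pam_unix2.so
account  required   pam_winbind.so use_first_pass
"""

def parse(text, mtype):
    """Return [(control, module)] for one management group, in file order."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            rows.append((fields[1], fields[2]))
    return rows

def evaluate(stack, results):
    """results maps module name -> True (success) or False (failure); assumed inputs."""
    failed = False      # a 'required' module has failed; stack still runs to the end
    succeeded = False   # at least one required/requisite module succeeded
    for control, module in stack:
        ok = results[module]
        if control == "requisite" and not ok:
            return False                 # requisite failure ends the stack at once
        if control == "required" and not ok:
            failed = True
        elif control == "sufficient" and ok and not failed:
            return True                  # sufficient success short-circuits
        elif ok and control in ("required", "requisite"):
            succeeded = True
    return succeeded and not failed

if __name__ == "__main__":
    auth = parse(STACK, "auth")
    # Constructed scenarios: which module accepts the password is an assumption.
    local = {"pam_env.so": True, "pam_unix2.so": True, "pam_winbind.so": False}
    domain = {"pam_env.so": True, "pam_unix2.so": False, "pam_winbind.so": True}
    print("local account :", evaluate(auth, local))
    print("domain account:", evaluate(auth, domain))
```

Because the account group uses `requisite` and `required` rather than `sufficient`, both modules must succeed there; a failure from either one denies access even when authentication passed.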