PAM and NSS Winbind Options

Getting the Winbind daemon up and running is only part of the configuration required on the domain member server. Once Winbind is functioning, you must configure PAM and NSS to use Winbind to authenticate users and return additional account information to programs that need it. These tasks are handled by special modules and configuration of these two subsystems. You may also want to configure Linux to create home directories automatically when they don’t exist.

NSS and PAM Winbind Modules

PAM and NSS both rely on modules to interface with Winbind. These module files, pam_winbind.so and libnss_winbind.so , are usually installed as part of a Samba package, such as samba-common. The pam_winbind.so file usually appears in /lib/security or /usr/lib/security. The libnss_winbind.so file usually resides in /lib and is linked to another file, libnss_winbind.so.2 (either file may be a symbolic link to the other).

If you’ve installed Samba from source code, you may need to install these libraries independently. The source code appears in the source/nsswitch subdirectory of the Samba source code package, and the compiled libraries should appear there after you build the main Samba package. (These files appear only if you select the --with-pam configure option.) Copy the files to appropriate directories, and create an appropriate link for the libnss_winbind.so file. You can then type ldconfig to force Linux to reexamine the library directories and register the new ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.