Comment 8 for bug 570944

gmoore777 (guy-moore) wrote :

Is this what you need?

$ cd /etc/pam.d
$ cat common-auth common-session-noninteractive common-session common-password common-account | grep -v "^#"

auth [success=2 default=ignore] nullok_secure
auth [success=1 default=ignore] krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite
auth required

session [default=1]
session requisite
session required
session required
session optional

session [default=1]
session requisite
session required
session required skel=/etc/skel/ umask=0027
session required
session optional
session optional nox11

password [success=2 default=ignore] obscure sha512
password [success=1 default=ignore] use_authtok try_first_pass
password requisite
password required
password optional

account [success=2 new_authtok_reqd=done default=ignore]
account [success=1 new_authtok_reqd=done default=ignore]
account requisite
account required

Here is the smb.conf, with comments removed and with the placeholders
<shortDOMAINname>, <MACHINEX>, and <DOMAIN> substituted in where appropriate.

# Samba settings for an Active Directory domain member using winbind, as pasted.
# The [global] section header is not part of the paste.
# Lines beginning with "# NOTE(review)" are reviewer annotations, not part of the original file.
workgroup = <shortDOMAINname>
# ADS: the host acts as a member of an Active Directory realm and authenticates via Kerberos.
security = ADS
# Domain controllers to contact, in order of preference.
password server = <MACHINE1>.<DOMAIN>.com, <MACHINE2>.<DOMAIN>.com
realm = <DOMAIN>.COM
server string = %h server (Samba, Ubuntu)
dns proxy = no
# One log file per connecting client (%m = client machine name), capped at 1000 KB each.
log file = /var/log/samba/log.%m
max log size = 1000
# Only the most severe messages go to syslog; everything else stays in the per-client logs.
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
# Apply PAM account and session rules to Samba users.
obey pam restrictions = yes
# Keep the Unix password in step when the SMB password is changed; with
# "pam password change" below, the change goes through PAM and not the passwd program.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
# Logins with a user name Samba does not know are mapped to the guest account
# instead of being rejected; a wrong password for a known user is still refused.
map to guest = bad user
# NOTE(review): the ID range starts at 50 and ends at 9999999999. The low end lies
# inside the range normally used for local system and user accounts, and the high end
# is above the 32-bit UID/GID maximum (4294967295). Confirm the range is intended and
# cannot collide with locally assigned IDs.
idmap backend = idmap_rid:<DOMAIN>=50-9999999999
idmap uid = 50-9999999999
idmap gid = 50-9999999999
# Only accounts from the joined domain are accepted, not those of domains it trusts.
allow trusted domains = no
# winbindd caches credentials so domain users can log in while no domain controller
# is reachable; this pairs with the cached_login option in the PAM auth stack.
winbind offline logon = true
template shell = /bin/bash
# Home directories are laid out per domain and user (%D = domain, %U = user name).
template homedir = /home/%D/%U
winbind normalize names = yes
# Domain users are referred to without a domain prefix.
# NOTE(review): a domain account and a local account with the same name become
# indistinguishable by name — verify there are no overlaps.
winbind use default domain = yes
# Users who create usershares may mark them as accessible to the guest account.
# NOTE(review): combined with "map to guest = bad user" above, such shares are reachable
# without authentication; set this to "no" if guest usershares are not needed.
usershare allow guests = yes