Hi,
I am running samba AD DC as virtual machine from host, which is a samba domain member.
I enabled PAM auth using wiki article[1].
My problem is that when host is starting I am unable to login (even as root) to it until DC vm starts and winbindd reestablishes connection to DC.
I want to change auth priority: check for unix user first, and if not found check in AD.
I tried to change /etc/pam.d/system-auth this way:
[DO NOT use - it does not work]
auth [default=ignore] pam_localuser.so auth [success=1 default=die] pam_unix.so nullok auth [default=die] pam_winbind.so auth requisite pam_deny.so auth optional pam_permit.so auth required pam_env.so
account required pam_unix.so account [success=1 default=ignore] pam_localuser.so account required pam_winbind.so account optional pam_permit.so account required pam_time.so
password [default=ignore] pam_localuser.so password [success=1 default=die] pam_unix.so sha512 shadow password [default=die] pam_winbind.so password requisite pam_deny.so password optional pam_permit.so
session required pam_limits.so session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session optional pam_permit.so
but it does not work. Anyone has a working example?
Thanks, Łukasz