[Samba] using pam_winbind to authenticate PPP?
David Brodbeck
DavidB at mail.interclean.com
Thu Aug 22 07:15:01 GMT 2002
I'm trying to set up a Linux-based dialin server on our company network.
I'd like to have PPP authenticate using winbindd, if possible. I feel like
I've almost gotten it to work, but I can't quite get there. Files:
/etc/pam.d/ppp:
#%PAM-1.0
auth required pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
/etc/ppp/pap-secrets:
# Secrets for authentication using PAP
# client server secret IP addresses
INTERCLEAN\\davidb * "" *
My winbindd seperator is "\". I found through experience that doubling up
the backslash is necessary in the pap-secrets file, otherwise it complains
it can't find a secret for the account.
/etc/ppp/options has the "login" flag turned on, and before changing any PAM
settings I verified that I could add a local account to pap-secrets, dial
in, and authenticate with it.
Here's what happens when I try to dial in with a domain account:
Aug 22 12:09:00 gatekeeper mgetty[23404]: data dev=ttyS0, pid=23404,
caller='none'
, conn='33600/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd',
user='/AutoPPP/
'
Aug 22 12:09:00 gatekeeper pppd[23404]: pppd 2.4.1 started by a_ppp, uid 0
Aug 22 12:09:00 gatekeeper pppd[23404]: Using interface ppp0
Aug 22 12:09:00 gatekeeper pppd[23404]: Connect: ppp0 <--> /dev/ttyS0
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb'
granted ac
ces
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb'
granted ac
ces
Aug 22 12:09:03 gatekeeper pppd[23404]: PAP login failure for
INTERCLEAN\davidb
Aug 22 12:09:03 gatekeeper pppd[23404]: Connection terminated.
Aug 22 12:09:03 gatekeeper pppd[23404]: Exit.
It looks like winbindd is giving the correct response, but PPP isn't buying
it for some reason. Any ideas?
----------
David Brodbeck, System Administrator
InterClean Equipment, Inc.
Ann Arbor, Michigan
davidb at mail.interclean.com
(734) 975-2967 x221
More information about the samba
mailing list