[Samba] Problem with winbind: PAM
George Lenzer
George.Lenzer at cpl.org
Wed Dec 4 16:19:01 GMT 2002
OK. Forget what I just sent. Somehow, I managed to add a character to
my domain while I was looking at the smb.conf file in emacs. Once I
changed that, getent now works for me. My problem was symlink. Somehow
I misread the instructions and created /lib/libnss_winbind.2 instead of
/lib/libnss_winbind.so.2.
So now onto my new problem... this is most definitely PAM related. When
I try to log into a console session using one of the domain accounts, it
looks like it does get authorized, but 'login' doesn't allow me in.
Here is my 'login' file from /etc/pam.d:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
session optional /lib/security/pam_mkhomedir.so
And my system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shado
w
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
I've modified both files based on info that I've found on the net in
various locations. I think something must be wrong because I now get
prompted for passwords twice when I try to log on to an X session or su
to root either in X or at the console. Someone on one of the sites I
was looking at made a suggestion to add 'pam_unix' to a few spots to fix
this. I didn't have the problem UNTIL I added the additional lines.
And I'm not 100% sure if the pam_unix lib is really the culprit for the
double password.
Thanks,
George
More information about the samba
mailing list