FW: apache autheticates through pam/samba, but I get "User accoun
t has expired message"
James Sinnamon
sinnamon at usq.edu.au
Thu Apr 29 08:23:38 GMT 1999
Dear Samba Developers/Users
(I trust that the following does relate to this list. If not,
please accept my apologies)
I am running apache ver 1.3.4 with RedHat Linux ver 5.2, and I wish to have
users logged on to the local NT network be able to authenticate themselves
from the NT Domain Controllers.
To do this, I have done the following :
1. compiled mod_auth_pam into apache
2. Put the following directives into httpd.conf:
<Directory />
AuthPAM_enabled on
Options FollowSymLinks
AllowOverride All
</Directory>
2. Put the following .htaccess file in .../htdocs/test from
which I wish to test the authentication :
AuthName "Test Authentication"
AuthType Basic
require valid-user
3. compiled and installed /lib/security/pam_smb_auth.so
4. Created the following /etc/pam.d/httpd file :
auth required /lib/security/pam_smb_auth.so debug
I supply my username and password when prompted to do so by Netscape
Navigator. The file /var/log/secure shows the following:
Apr 29 17:44:11 turing httpd: pam_smb: Correct NT username/password pair
... this indicates that I have been authenticated by the NT PDC,
however I still get the 'authorization failed' message. When I examined
the error_log file, I saw the following message:
httpd: [Thu Apr 29 17:52:01 1999] [error] access to /test/ failed for \
139.96.38.159, reason: User account has expired
>From examining mod_auth_pam.c, I gather that a call to
pam_authenticate() has succeeded, but the subsequent call to
pam_acct_mgmt() has failed.
... does anyone out there know what is going on here? Is there
anything that I can do at the Linux end to fix this, or does something need
to be done with the NT Domain Controllers?
Thank you
James Sinnamon
More information about the samba-ntdom
mailing list