Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working

Adam Ranville adam at mks.com
Tue Oct 23 09:45:06 GMT 2001


Hello,

	I've attached the config that I was trying to use along with my
original file. 

	I can access a share without domain\username and it works fine. Do I
require domain\(or +) username for telnet? I have tried that as well. 

	With the attempted system-auth it would kick me out right after
entering the login. It doesn't even prompt for a password. (single user got
me out of it).

Thanks for the help,

Adam

attempted /etc/pam.d/system-auth:

auth      sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5 shadow use_first_pass
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
account     required      /lib/security/pam_winbind.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so



original /etc/pam.d/system-auth:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so
 
account     required      /lib/security/pam_unix.so
 
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
 
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


On Mon, 22 Oct 2001, Adam Ranville wrote:

> Hello,
>
> 	I have gone through the howto provided but I am not yet able to
> logon to my linux box using NT4 domain accounts. I can however authenticate
> to restricted shares and I can obtain groups and users via "getent" and
> "wbinfo -u". All I really need now is a working /etc/pam.d/login. I've tried
> examples from the howto as with others from the mailing list but I can not
> seem to get the needed results.
>
> This is a redhat 7.1 install with version 2.2.2 of samba( ./configure
> --with-winbind --with-pam). I've provided my /etc/pam.d/login below and my
> smb.conf.  Any help would be much appreciated.
>
> Thanks in advance,
>
> Adam
> /etc/pam.d/login:
>
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so


Can we see the data in /etc/pam.d/system-auth? You're stacking the
auth system from there, so that's the file we need to see.

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


Also check that these files exist.
-rwxr-xr-x   1 root     root        14921 Sep 10 14:11 /lib/libnss_winbind.so
lrwxrwxrwx   1 root     root           17 Sep  4 13:44 /lib/libnss_winbind.so.2 -> libnss_winbind.so
-rwxr-xr-x   1 root     root        13838 Sep 10 14:12 /lib/security/pam_winbind.so


> /usr/local/samba/lib/smb.conf:

<snip>

Looks fine to me.

When you log on to the console, make sure you log in as:
DOMAIN\user  NOT user

You will probably see errors in the login process as the domain separator '\'
has special meaning.  Many people recommend a '+' instead.

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */
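
An added example, not part of the original thread or of Samba's documentation: a simplified evaluator for Linux-PAM control flags, run over the `account` lines of the attempted system-auth above. The per-module results, the reordered stack and all function names are assumptions made for illustration.

```python
# Added illustration: simplified Linux-PAM control-flag evaluation.
ATTEMPTED_ACCOUNT = """\
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
account     required      /lib/security/pam_winbind.so
"""
# Constructed reordering for comparison only; not tested on the poster's system.
REORDERED_ACCOUNT = """\
account     sufficient    /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_deny.so
"""

def parse_stack(text, mgmt="account"):
    """Return [(control, module_name)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """Combine assumed module results (True = success); 'optional' is ignored here."""
    failed = succeeded = False
    ran = []
    for control, module in stack:
        ok = results[module]
        ran.append(module)
        if control == "sufficient" and ok and not failed:
            return True, ran              # success ends the stack early
        if control in ("required", "requisite"):
            succeeded = succeeded or ok
            failed = failed or not ok     # a sufficient failure never sets this
            if control == "requisite" and not ok:
                return False, ran         # requisite failure ends the stack
    return succeeded and not failed, ran

def after_deny(stack):
    """Modules listed after a required/requisite pam_deny.so; they cannot rescue the stack."""
    for i, (control, module) in enumerate(stack):
        if module == "pam_deny.so" and control in ("required", "requisite"):
            return [m for _, m in stack[i + 1:]]
    return []

# Assumed outcomes: a domain-only account (no local passwd entry) and a local one.
DOMAIN_USER = {"pam_unix.so": False, "pam_deny.so": False, "pam_winbind.so": True}
LOCAL_USER = {"pam_unix.so": True, "pam_deny.so": False, "pam_winbind.so": False}
```

Under these assumptions the attempted `account` stack denies the domain-only user, because the `required` pam_deny.so entry fails before pam_winbind.so is consulted.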



