Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
Adam Ranville
adam at mks.com
Tue Oct 23 09:45:06 GMT 2001
Hello,
I've attached the config that I was trying to use along with my
original file.
I can access a share without domain\username and it works fine. Do I
require domain\(or +) username for telnet? I have tried that as well.
With the attempted system-auth it would kick me out right after
entering the login. It doesn't even prompt for a password. (single user got
me out of it).
Thanks for the help,
Adam
attempted /etc/pam.d/system-auth:
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
original /etc/pam.d/system-auth:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
On Mon, 22 Oct 2001, Adam Ranville wrote:
> Hello,
>
> I have gone through the howto provided but I am not yet able to
> logon to my linux box using NT4 domain accounts. I can however authenticate
> to restricted shares and I can obtain groups and users via "getent" and
> "wbinfo -u". All I really need now is a working /etc/pam.d/login. I've tried
> examples from the howto as with others from the mailing list but I can not
> seem to get the needed results.
>
> This is a redhat 7.1 install with version 2.2.2 of samba( ./configure
> --with-winbind --with-pam). I've provided my /etc/pam.d/login below and my
> smb.conf. Any help would be much appreciated.
>
> Thanks in advance,
>
> Adam
> /etc/pam.d/login:
>
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
Can we see the data in /etc/pam.d/system-auth? You're stacking the
auth system from there so that's the file we need to see.
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
Also check that these files exist.
-rwxr-xr-x 1 root root 14921 Sep 10 14:11 /lib/libnss_winbind.so
lrwxrwxrwx 1 root root 17 Sep 4 13:44 /lib/libnss_winbind.so.2 -> libnss_winbind.so
-rwxr-xr-x 1 root root 13838 Sep 10 14:12 /lib/security/pam_winbind.so
> /usr/local/samba/lib/smb.conf:
<snip>
Looks fine to me.
When you logon to the console make sure you login as:
DOMAIN\user NOT user
You will probably see errors in the login process as the domain separator '\'
has special meaning. Many people recommend a '+' instead.
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
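Added example, not part of the original thread or either poster's configuration: a small Python evaluator that applies the standard PAM control-flag rules (required, requisite, sufficient, optional) to the auth and account lines of the attempted system-auth above. The per-module outcomes passed in are assumptions chosen for illustration, the helper names are hypothetical, and the pam_stack.so inclusion from /etc/pam.d/login is not modelled.

```python
# Added example (not from the thread): apply PAM control-flag rules to the
# auth and account lines of the "attempted" system-auth posted above.
ATTEMPTED = """\
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
account required /lib/security/pam_winbind.so
"""

def parse(text):
    """Return {group: [(control, module file name), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            group, control, path = fields[:3]
            stacks.setdefault(group, []).append((control, path.rsplit("/", 1)[-1]))
    return stacks

def evaluate(stack, outcomes):
    """outcomes: module name -> True/False, an ASSUMED per-module result.
    pam_deny.so always fails; modules missing from outcomes count as failing."""
    failed = succeeded = False
    for control, module in stack:
        ok = module != "pam_deny.so" and outcomes.get(module, False)
        if ok:
            if control == "sufficient" and not failed:
                return True          # stops here, later lines never run
            succeeded = True
        elif control == "requisite":
            return False             # fails immediately
        elif control == "required":
            failed = True            # remembered, rest of the stack still runs
    return succeeded and not failed

def check(group, outcomes):
    """Evaluate one management group of the attempted file."""
    return evaluate(parse(ATTEMPTED)[group], outcomes)

if __name__ == "__main__":
    domain_only = {"pam_winbind.so": True, "pam_unix.so": False}  # assumed
    local_only = {"pam_winbind.so": False, "pam_unix.so": True}   # assumed
    for name, outcomes in (("domain-only", domain_only), ("local", local_only)):
        print(name, "auth:", check("auth", outcomes),
              "account:", check("account", outcomes))
```

With those assumed outcomes the account group rejects a domain-only user, because the required pam_deny.so line sits ahead of pam_winbind.so and only a pam_unix.so success can return before it.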