Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working

Rogelio J. Baucells rogelio at ats-corp.com
Wed Oct 24 10:20:03 GMT 2001


I had that problem before and was the "template shell".

Check it is getting that value with:

getent passwd DOMAIN\\username

it should say the shell at the end of the line


Rogelio J.

-----Original Message-----
From: Adam Ranville [mailto:adam at mks.com]
Sent: Wednesday, October 24, 2001 1:16 PM
To: samba at lists.samba.org
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working



I did put the template shell line in before, it hasn't really changed
anything.
/usr/local/samba/lib/smb.conf:
template shell = /bin/bash

I added "session     optional      /lib/security/pam_mkhomedir.so
umask=0077"

Still no luck, it just pauses then closes the session.

Adam
-----Original Message-----
From: Rogelio J. Baucells [mailto:rogelio at ats-corp.com]
Sent: Wednesday, October 24, 2001 1:04 PM
To: samba at lists.samba.org
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working


Did you change the "template shell" to "bin/bash" or another shell?

If you want to create the home dir on the fly, try this

session     optional      /lib/security/pam_mkhomedir.so umask=0077

in your system-auth

It is working for me without any problem in my RH 7.0 and 7.1 boxes

Rogelio J.

-----Original Message-----
From: Adam Ranville [mailto:adam at mks.com]
Sent: Wednesday, October 24, 2001 12:45 PM
To: Samba (E-mail)
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working


	Well that seems to have moved me one step closer. I now get a
positive authentication not in /var/messages but it just hangs after I
input
the password. Missing a home directory? Invalid shell maybe? I checked
the
logs and I've been getting nothing negative.

Almost there...

Adam

tail /var/log/messages:
	Oct 24 12:36:19 hqnis1 pam_winbind[1552]: user 'MKS\adam'
granted
acces  


/etc/pam.d/system-auth:

auth      sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5
shadow use_first_pass
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix.so
account     sufficient  /lib/security/pam_winbind.so
account     required      /lib/security/pam_deny.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5
shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


-----Original Message-----
From: Anthony J. Breeds-Taurima [mailto:tony at cantech.net.au]
Sent: Tuesday, October 23, 2001 10:00 PM
To: Adam Ranville
Cc: Samba (E-mail)
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working


On Tue, 23 Oct 2001, Adam Ranville wrote:

> original file. 

Thanks.
 
> 	I can access a share without domain\username and it works fine.
Do I
> require domain\(or +) username for telnet? I have tried that as well. 

Yes you will need to login as:
DOMAIN\user   (or DOMAIN+user)
 
> 	With the attempted system-auth it would kick me out right after
> entering the login. It doesn't even prompt for a password. (single
user
got
> me out of it).
> 
> Thanks for the help,
> 
> Adam
> 
> attempted /etc/pam.d/system-auth:

<snip>

> account     required      /lib/security/pam_deny.so
> account     required      /lib/security/pam_winbind.so

Like Andrew said swap these 2 lines and you should be happy.

Yours Tony.

/*
 * "The significant problems we face cannot be solved at the 
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list