Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
Rogelio J. Baucells
rogelio at ats-corp.com
Wed Oct 24 10:20:03 GMT 2001
I had that problem before and was the "template shell".
Check it is getting that value with:
getent passwd DOMAIN\\username
it should say the shell at the end of the line
Rogelio J.
-----Original Message-----
From: Adam Ranville [mailto:adam at mks.com]
Sent: Wednesday, October 24, 2001 1:16 PM
To: samba at lists.samba.org
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
I did put the template shell line in before, it hasn't really changed
anything.
/usr/local/samba/lib/smb.conf:
template shell = /bin/bash
I added "session optional /lib/security/pam_mkhomedir.so
umask=0077"
Still no luck, it just pauses then closes the session.
Adam
-----Original Message-----
From: Rogelio J. Baucells [mailto:rogelio at ats-corp.com]
Sent: Wednesday, October 24, 2001 1:04 PM
To: samba at lists.samba.org
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
Did you change the "template shell" to "bin/bash" or another shell?
If you want to create the home dir on the fly, try this
session optional /lib/security/pam_mkhomedir.so umask=0077
in your system-auth
It is working for me without any problem in my RH 7.0 and 7.1 boxes
Rogelio J.
-----Original Message-----
From: Adam Ranville [mailto:adam at mks.com]
Sent: Wednesday, October 24, 2001 12:45 PM
To: Samba (E-mail)
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
Well that seems to have moved me one step closer. I now get a
positive authentication not in /var/messages but it just hangs after I
input
the password. Missing a home directory? Invalid shell maybe? I checked
the
logs and I've been getting nothing negative.
Almost there...
Adam
tail /var/log/messages:
Oct 24 12:36:19 hqnis1 pam_winbind[1552]: user 'MKS\adam'
granted
acces
/etc/pam.d/system-auth:
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok md5
shadow use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5
shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
-----Original Message-----
From: Anthony J. Breeds-Taurima [mailto:tony at cantech.net.au]
Sent: Tuesday, October 23, 2001 10:00 PM
To: Adam Ranville
Cc: Samba (E-mail)
Subject: RE: Winbind, RedHat 7.1, Pam 0.74-22 ohh so close to working
On Tue, 23 Oct 2001, Adam Ranville wrote:
> original file.
Thanks.
> I can access a share without domain\username and it works fine.
Do I
> require domain\(or +) username for telnet? I have tried that as well.
Yes you will need to login as:
DOMAIN\user (or DOMAIN+user)
> With the attempted system-auth it would kick me out right after
> entering the login. It doesn't even prompt for a password. (single
user
got
> me out of it).
>
> Thanks for the help,
>
> Adam
>
> attempted /etc/pam.d/system-auth:
<snip>
> account required /lib/security/pam_deny.so
> account required /lib/security/pam_winbind.so
Like Andrew said swap these 2 lines and you should be happy.
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list