Pam question

Michels, Gustavo [EES/BR] gustavo.michels at emersonenergy.com
Mon Sep 17 10:06:02 GMT 2001 

Hello Rogelio,

I found your post in the thread you mentioned, but I haven't applied the
changes. I was about to use your system-auth file, but as I was deleting
/etc/pam.d/samba and restoring /etc/pam.d/passwd to its original, I noticed
samba and winbind still worked correctly, even without any changes in the
pam files. I am sure all files there are as they were when the server was
first installed. But how is samba stil working, if the pam files does not
contain any references to libnss_winss.so or pam_winbind.so?

Another thing I noticed, logging in via telnet with a local linux user is
taking much longer and if I stop the winbind daemon, telnet logins are as
fast as they should be.

Can you reproduce the same scenario I have here? I am using the latest
samba_2_2 cvs source code, maybe there are some changes there...

Cheers
Gustavo

-----Original Message-----
From: Rogelio J. Baucells [mailto:rogelio at ats-corp.com] 
Sent: segunda-feira, 17 de setembro de 2001 12:09
To: samba at lists.samba.org
Subject: RE: Pam question


Hello Gustavo

You need to change the pam files of the services you want to auth using
winbindd. For example if you want to allo users to login using telnet, you
need to change the '/etc/pam.d/login' file. If you are using RedHat linux
there is a system-auth file that is used by all services. I modified this
file because I wanted to auth all services using winbind (my modification to
this file is posted in a thread called 'Winbindd -- before I send a bug
report'). Test your service while you are logged in the console, because if
you modify a file you are using to log in (login, sshd) and there is a
problem with winbind, you wont be able to log in again.

Rogelio J. Baucells

-----Original Message-----
From: Michels, Gustavo [EES/BR] [mailto:gustavo.michels at emersonenergy.com]
Sent: Monday, September 17, 2001 10:28 AM
To: samba at lists.samba.org
Subject: Pam question


Hello people,

Maybe a simple question, but I can't find any info on the list or the
manpages about this.

I am using the latest samba_2_2 cvs code in linux with winbind working
perfectly. The samba server will act as a file/print server, so the users
just need to be authenticated by the NT PDC.

The winbind manpage says to add these entries in /etc/pam.d/*

auth        required    /lib/security/pam_securetty.so
auth        required    /lib/security/pam_nologin.so
auth        required    /lib/security/pam_winbind.so
auth        required    /lib/security/pam_pwdb.so use_first_pass shadow
nullok
account     required    /lib/security/pam_winbind.so

My question is exactly which file  is this '*' in my case. Which one(s)
should be added/changed in /etc/pam.d? I tried adding a 'samba' file with
these entries as well as using a 'passwd' file with the same entries and
both work. I'd just like to know which one am I supposed to use, or maybe
another one.

Thanks!

Cheers
Gustavo

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list