[Samba] using pam_winbind to authenticate PPP?

David Brodbeck DavidB at mail.interclean.com
Thu Aug 22 07:15:01 GMT 2002 

I'm trying to set up a Linux-based dialin server on our company network.
I'd like to have PPP authenticate using winbindd, if possible.  I feel like
I've almost gotten it to work, but I can't quite get there.  Files:

/etc/pam.d/ppp:

#%PAM-1.0
auth       required     pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so


/etc/ppp/pap-secrets:

# Secrets for authentication using PAP
# client                server  secret                  IP addresses
INTERCLEAN\\davidb      *       ""                      *

My winbindd seperator is "\".  I found through experience that doubling up
the backslash is necessary in the pap-secrets file, otherwise it complains
it can't find a secret for the account.

/etc/ppp/options has the "login" flag turned on, and before changing any PAM
settings I verified that I could add a local account to pap-secrets, dial
in, and authenticate with it.

Here's what happens when I try to dial in with a domain account:

Aug 22 12:09:00 gatekeeper mgetty[23404]: data dev=ttyS0, pid=23404,
caller='none'
, conn='33600/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd',
user='/AutoPPP/
'
Aug 22 12:09:00 gatekeeper pppd[23404]: pppd 2.4.1 started by a_ppp, uid 0
Aug 22 12:09:00 gatekeeper pppd[23404]: Using interface ppp0
Aug 22 12:09:00 gatekeeper pppd[23404]: Connect: ppp0 <--> /dev/ttyS0
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb'
granted ac
ces
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb'
granted ac
ces
Aug 22 12:09:03 gatekeeper pppd[23404]: PAP login failure for
INTERCLEAN\davidb
Aug 22 12:09:03 gatekeeper pppd[23404]: Connection terminated.
Aug 22 12:09:03 gatekeeper pppd[23404]: Exit.

It looks like winbindd is giving the correct response, but PPP isn't buying
it for some reason.  Any ideas?

----------

David Brodbeck, System Administrator
InterClean Equipment, Inc.
Ann Arbor, Michigan
davidb at mail.interclean.com
(734) 975-2967 x221

More information about the samba mailing list