[Samba] using pam_winbind to authenticate PPP?

David Brodbeck DavidB at mail.interclean.com
Thu Aug 22 09:32:01 GMT 2002 

Got it -- the problem seemed to be the "session" lines in /etc/pam.d/ppp,
which I somehow managed to delete.  Once I filled those in again it started
working.  PAM has to be the easiest service I've seen to misconfigure since
sendmail. ;)

> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: Thursday, August 22, 2002 12:14 PM
> To: 'samba at samba.org'
> Subject: [Samba] using pam_winbind to authenticate PPP?
> 
> 
> I'm trying to set up a Linux-based dialin server on our 
> company network.
> I'd like to have PPP authenticate using winbindd, if 
> possible.  I feel like
> I've almost gotten it to work, but I can't quite get there.  Files:
> 
> /etc/pam.d/ppp:
> 
> #%PAM-1.0
> auth       required     pam_nologin.so
> auth       sufficient   /lib/security/pam_winbind.so
> account    required     /lib/security/pam_winbind.so
> 
> 
> /etc/ppp/pap-secrets:
> 
> # Secrets for authentication using PAP
> # client                server  secret                  IP addresses
> INTERCLEAN\\davidb      *       ""                      *
> 
> My winbindd seperator is "\".  I found through experience 
> that doubling up
> the backslash is necessary in the pap-secrets file, otherwise 
> it complains
> it can't find a secret for the account.
> 
> /etc/ppp/options has the "login" flag turned on, and before 
> changing any PAM
> settings I verified that I could add a local account to 
> pap-secrets, dial
> in, and authenticate with it.
> 
> Here's what happens when I try to dial in with a domain account:
> 
> Aug 22 12:09:00 gatekeeper mgetty[23404]: data dev=ttyS0, pid=23404,
> caller='none'
> , conn='33600/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd',
> user='/AutoPPP/
> '
> Aug 22 12:09:00 gatekeeper pppd[23404]: pppd 2.4.1 started by 
> a_ppp, uid 0
> Aug 22 12:09:00 gatekeeper pppd[23404]: Using interface ppp0
> Aug 22 12:09:00 gatekeeper pppd[23404]: Connect: ppp0 <--> /dev/ttyS0
> Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 
> 'INTERCLEAN\davidb'
> granted ac
> ces
> Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 
> 'INTERCLEAN\davidb'
> granted ac
> ces
> Aug 22 12:09:03 gatekeeper pppd[23404]: PAP login failure for
> INTERCLEAN\davidb
> Aug 22 12:09:03 gatekeeper pppd[23404]: Connection terminated.
> Aug 22 12:09:03 gatekeeper pppd[23404]: Exit.
> 
> It looks like winbindd is giving the correct response, but 
> PPP isn't buying
> it for some reason.  Any ideas?
> 
> ----------
> 
> David Brodbeck, System Administrator
> InterClean Equipment, Inc.
> Ann Arbor, Michigan
> davidb at mail.interclean.com
> (734) 975-2967 x221
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list