[Samba] Authenticate Linux Session with NT Domain Acct.

Buchan Milne bgmilne at cae.co.za
Fri Dec 6 15:43:51 GMT 2002

> Message: 24
> From: Benjamin Krein <bkrein at pmctechnologies.com>
> To: samba at lists.samba.org
> Organization: PMC Technologies, Inc.
> Date: 05 Dec 2002 11:28:56 -0500
> Subject: [Samba] Authenticate Linux Session with NT Domain Acct.
> Despite configuring winbind and my /etc/pam.d/<files>, I am still unable
> to actually log into a Linux session (ie, at the gdm login screen or
> text login prompt) using my NT domain account.  Here is my
> /etc/pam.d/login file:
> auth       required     /lib/security/pam_securetty.so
> auth       sufficient   /lib/security/pam_winbind.so
> auth       sufficient   /lib/security/pam_unix.so use_first_pass
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    sufficient   /lib/security/pam_winbind.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so

It would be useful if you included your /etc/pam.d/system-auth file. You
don't have a pam_mkhomedir entry here, so you won't be logged in if
your home directory does not exist.

> NOTE: I can access NT shares using my NT Domain credentials, but that's
> about it.  I can also get group/user info. from the NT domain which
> tells me winbind is communicating with my PDC.  Thanks for any help.

Some more debugging info would be useful, such as whether:

1) 'wbinfo -u' returns domain users
2) 'wbinfo -g' returns domain groups
3) 'getent passwd' includes domain users
4) 'getent group' includes domain groups

BTW, Mandrake 9.0 has an option for winbind authentication during
installation, which mostly works out of the box (if you enter your domain
name in caps, otherwise you have to create /home/DOMAIN manually).

The file that we use to replace /etc/pam.d/system-auth (so you don't
have to hack any other pam files for winbind auth) is in the samba
source distribution, under packaging/Mandrake. You can also find some
examples for Redhat 8.0 in the tarball which includes my presentation on



--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
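
Added example, not part of the original message: a shell sketch that checks whether pam_mkhomedir is reachable from a service's session stack (following the pam_stack.so service= references used in the posted file) and runs the four wbinfo/getent checks listed above. PAM_DIR, the function names and the --live switch are assumptions; the backslash is Samba's default winbind separator.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. PAM_DIR, the function
# names and --live are assumptions made for this example.
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# pam_session_has SERVICE MODULE [DEPTH]: exit 0 if MODULE is on a "session"
# line of SERVICE, following "pam_stack.so service=NAME" references;
# 1 if absent; 2 if the file is unreadable.
# The ( ) body is a subshell, so variables stay local when recursing.
pam_session_has() (
    set -f                                  # no globbing while word-splitting
    file="$PAM_DIR/$1" module=$2 depth=${3:-0}
    [ -r "$file" ] || exit 2
    [ "$depth" -lt 5 ] || exit 1            # stop on include loops
    while read -r type rest || [ -n "$type" ]; do
        [ "$type" = session ] || continue   # skips comments and other stacks
        case "$rest" in
            *"$module"*) exit 0 ;;
            *pam_stack.so*)
                for word in $rest; do
                    case "$word" in service=*)
                        pam_session_has "${word#service=}" "$module" $((depth + 1)) && exit 0 ;;
                    esac
                done ;;
        esac
    done < "$file"
    exit 1
)

# count_domain_entries SEP: read getent-style lines on stdin and print how
# many account names contain the winbind separator SEP.
count_domain_entries() {
    SEP="$1" awk -F: 'index($1, ENVIRON["SEP"]) { n++ } END { print n + 0 }'
}

# Only touch the real system when asked to: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    sep='\'
    for svc in login gdm; do
        if pam_session_has "$svc" pam_mkhomedir; then
            echo "$svc: pam_mkhomedir in session stack"
        else
            echo "$svc: pam_mkhomedir not found (or file unreadable)"
        fi
    done
    echo "wbinfo -u:     $(wbinfo -u | wc -l) users"
    echo "wbinfo -g:     $(wbinfo -g | wc -l) groups"
    echo "getent passwd: $(getent passwd | count_domain_entries "$sep") domain users"
    echo "getent group:  $(getent group | count_domain_entries "$sep") domain groups"
fi
```

The parser matches on the whole line after the type field, so it does not distinguish a module path from an argument that happens to contain the module name.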