[Samba] winbind pam.d configurations
Elshair, Ferras
elshair at uillinois.edu
Tue Nov 26 00:26:01 GMT 2002
Hello,
I currently have samba configured with winbind so that I can login using NT
authentication with my domain controller. Winbind is working perfectly
with the domain, I have /etc/pam.d/login configured perfectly and I can
login through the console, etc.
However, when I try to use passwd, it doesn't prompt for a new password, it
does this:
bash-2.05b$ passwd
Changing password for user ELSHAIR.
passwd: Authentication token manipulation error
bash-2.05b$
Here is my system-auth file:
# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/secutiry/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so[
My /etc/pam.d/passwd file is as follows:
bash-2.05b$ cat /etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
What exactly do I need to change in passwd or system-auth so that a domain
user can change his or her password in linux and for it to update the
password in the domain controller? Please reply with an example of how the
entire file should be like. It tends to be a bit confusing when someone
says "the auth line should be so and so" because there are so many auth
lines.
Also, I am having problems getting domain users to login through ssh, my
/etc/pam.d/sshd file is this:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
I have tried using the same configuration of /etc/pam.d/login (which works
for console login and telnet) but it doesn't seem to work with ssh.
/var/log/messages doesn't show any login attempts whatsoever when I use
the aits+domainUser as login. But obviously when I use a normal user, it
does display the login attempt in the log.
If anyone knows how to configure the /etc/pam.d/sshd to work with domain
logins, I would appreciate that too. Please include an example of the whole
file.
Thanks,
Ferras Elshair
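An added example, not part of the original post and not Samba project code: a small Python check run over the system-auth rule lines quoted in the message (e-mail line wraps rejoined), reporting which PAM stacks contain no pam_winbind.so rule and which module paths sit outside the directory the other rules use. The function names and the "most common directory" heuristic are assumptions made for this example.

```python
import os
from collections import Counter

# Rule lines copied from the system-auth file in the post; e-mail wraps rejoined.
SYSTEM_AUTH = """\
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/secutiry/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so[
"""

def parse_stack(text):
    """Return (type, control, module_path, args) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2], fields[3:]))
    return rules

def audit(text, module="pam_winbind.so"):
    """Report stacks that never call `module` and module paths in an odd directory."""
    rules = parse_stack(text)
    types = sorted({r[0] for r in rules})
    missing = [t for t in types
               if not any(os.path.basename(r[2]) == module for r in rules if r[0] == t)]
    # Assumption: the directory most rules use is the expected module directory.
    dirs = Counter(os.path.dirname(r[2]) for r in rules)
    expected = dirs.most_common(1)[0][0]
    odd_paths = [(r[0], r[2]) for r in rules if os.path.dirname(r[2]) != expected]
    return {"missing": missing, "expected_dir": expected, "odd_paths": odd_paths}

if __name__ == "__main__":
    report = audit(SYSTEM_AUTH)
    for t in report["missing"]:
        print(f"{t}: no pam_winbind.so rule in this stack")
    for t, path in report["odd_paths"]:
        print(f"{t}: {path} is not under {report['expected_dir']}")
```

On the quoted file it reports the password and session stacks as having no pam_winbind.so rule, and the account rule's /lib/secutiry/ path as the only one not under /lib/security.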