[Samba] Solaris Winbind LDAP pam_mkhomedir.so
Sapan.Ganguly at thalesgroup.com
Wed Dec 17 16:43:15 GMT 2003
OK, I definitely know that winbind is working now, I tried logging in at the
console and a message comes up -
Pam_winbind: user 'nt_user' granted access
But that is as far as it goes, I don't get a shell prompt. I eventually
have to do a 'stop + A' and reboot the machine, from now on I'll do a
'telnet localhost' to test it.
Here is what my pam.conf looks like, can you see any errors?
#ident "@(#)pam.conf 1.20 02/01/23 SMI"
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# PAM configuration
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
# Authentication management
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth sufficient pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth sufficient pam_dial_auth.so.1
login auth sufficient /usr/lib/security/pam_winbind.so.1
# rlogin service (explicit because of pam_rhost_auth)
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth sufficient pam_dhkeys.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so.1
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
# PPP service (explicit because of pam_dial_auth)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
other auth requisite pam_authtok_get.so.1
other auth sufficient pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth sufficient /usr/lib/security/pam_winbind.so.1
# passwd command (explicit because of a different authentication module)
passwd auth required pam_passwd_auth.so.1
# cron service (explicit because of non-usage of pam_roles.so.1)
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other account requisite pam_roles.so.1
other account sufficient pam_projects.so.1
other account sufficient pam_unix_account.so.1
other account sufficient /usr/lib/security/pam_winbind.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other session required pam_unix_session.so.1
other session sufficient /usr/lib/security/pam_winbind.so.1
#other session sufficient /usr/lib/security/pam_mkhomedir.so.1
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
From: Ganguly, Sapan [mailto:Sapan.Ganguly at thalesgroup.com]
Sent: 15 December 2003 08:23
To: 'samba at lists.samba.org'
Cc: 'samba at samba.org'
Subject: [Samba] Solaris Winbind LDAP pam_mkhomedir.so
How do I test whether I have access to my winbind LDAP backend from my
Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also
running Samba 3.0.0.
I know winbind works because getent and wbinfo show up my NT users and
I would also like to have people log into my Solaris 9 machine with their NT
usernames, I have this working on Redhat already but Solaris is proving to
be a little more tricky. I've copied a pam.conf from another post on this
mailing list but when I try to log in with an NT user name the process just
hangs after I type the password. I don't see anything in the logs either.
I would also like to use pam_mkhomedir.so in my pam.conf so that when people
log in a home directory is automatically created but that's not going to
work until I can actually log in anyway.
It was easy under Redhat.
Does anyone have any advice? I'm going to look a bit silly if I can't make
To unsubscribe from this list go to the following URL and read the
More information about the samba