[Samba] winbind/gdm auth failure
Torsten Schröer
T_Schroeer at urz.uni-heidelberg.de
Wed Jul 14 18:31:46 GMT 2004
Dear Samba-Users,
two problems to solve...
1) Trying to authenticate users via pam_winbind against
NT-PDC (samba 3.0.4, Debian GNU Linux 3.0). Got shell login
and ssh working, but won't be able to login via GDM to
gnome or KDE. I do not really understand the difference
between login/ssh module stack and gdm module stack. Log
auth says something queerish:
--- auth.log ---
Jul 14 18:34:43 testserver pam_winbind[17588]: user
'user' granted acces
Jul 14 18:34:43 testserver PAM_unix[17588]: could not
identify user (from getpwnam(user))
Jul 14 18:34:43 testserver gdm[17588]: Couldn't set acct.
mgmt for user
---
whilst winbindd log does tell nothing in particular.
Logging in via ssh or console works properly and grants
system access:
--- auth.log ---
Jul 14 18:39:31 testserver pam_winbind[17588]: user 'user'
granted acces
---
To complete this I give you /etc/pam.d/login and my tries
on /etc/pam.d/gdm:
--- login ---
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth required pam_unix.so nullok use_first_pass
account sufficient pam_winbind.so
account required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel
umask=0022
session sufficient pam_winbind.so
session required pam_unix.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_unix.so nullok obscure min=4
max=8 md5
---
--- gdm ---
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth required pam_unix_auth.so nullok
use_first_pass
account sufficient pam_winbind.so
account required pam_unix_acct.so
password required pam_unix_passwd.so shadow
session sufficient pam_winbind.so
session required pam_unix_session.so
session required pam_limits.so
---
As you can see, almost the same, exept the functionalíty.
2) My second Question is on "How to get apache directive
require group working with pam_auth_smb.so". Everything
seems to be configured well, because using dirctive
"Require user user1 user2 user3" works fine. But changing
to the users group directive, Apache shows Internal
misconfiguration...
Can't explain that to. Apache error log shows the following:
--- error ---
[Wed Jul 14 18:56:55 2004] [error] (2)No such file or
directory: couldn't get group list
[Wed Jul 14 18:56:55 2004] [crit] [client 129.206.123.201]
configuration error: couldn't check access. No groups
file?: /
---
later a while:
--- error ---
Jul 14 20:14:01 apache: No Local authentication done,
relying on other modules for password file entry.
Jul 14 20:14:01 apache: pam_smb: Configuration Data,
Primary pdc, Backup bdc, Domain domain.
Jul 14 20:14:01 apache: pam_smb: Correct NT
username/password pair
---
with pam.d/httpd like this:
--- pam.d/httpd ---
auth required pam_smb_auth.so nolocal debug
account required pam_permit.so
---
But no access to contents just popping one pwdcheck after
the other. Might be something wrong with my module stack!
Hm...
Is anyone familiar with this kind of problem? Any ideas
would be appreciated. Thanks so far,
Torsten Schröer
P.S. NOT SUBSCRIBED. Please email. Thanks.
More information about the samba
mailing list