[Samba] two problems with pam authentication

christoph christoph at scheeder.de
Tue Jun 22 12:55:40 GMT 2004 

Hi,
winbindd is irealy called 2 times, and that is normal,
once it is called to verify the user has a correct lpassword,
second to verify he has a vallid account.
and pam_mkhomedir is complaining about the space-caracter between the 
strings "skel=" and "/etc/skel/".
this should read "skel=/etc/skel/"
Christoph

31sahibzada at niit.edu.pk schrieb:
> Hi,
> 
> 
>    my etc/pam.d/login file is given at the end.
> 
>  i am using winbind and single sign on is working now. on the fly
> directory creation also works.
> 
>  when i check the /var/log/messages  i have this error in there
> 
> 1.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user 'linwin/zubair'granted
>  acces
> 
> 2.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user 'linwin/zubair'
> granted acces
> 
> 3.Jun 23 05:40:46 niit158VM PAM-mkhomedir[1696]: unknown option; /etc/skel/
> 
> 4.Jun 23 05:40:46 niit158VM  -- LINWIN/zubair[1696]: LOGIN ON tty1 BY
> LINWIN/zubair
> 
> 
> now why is winbind being called twice?i have it only once in the
> authentication section of the login file. i do have it in others sections
> too.
> 
> secondly why is it giving this unknown option error. every time a new user
> logings the directory is created on the fly.so where is this error coming
> from.
> 
> 
> ok this was the first problem.
> 
> now the second problem is when the root logins.
> 
> here is what the /var/log/messages have for us
> 
> Jun 23 06:00:37 niit158VM pam_winbind[1834]: request failed: No such user,
> PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
> Jun 23 06:00:37 niit158VM pam_winbind[1834]: user 'root' granted acces
> Jun 23 06:00:37 niit158VM PAM-mkhomedir[1834]: unknown option; /etc/skel/
> Jun 23 06:00:37 niit158VM  -- root[1834]: ROOT LOGIN ON tty1
> 
> 
> now look at this. first winbind tries it for user root and fails.
> 
> and in the second line again winbind tries and user root is granted
> access. there is no user named root in active directory. how is winbind
> being able to authenticate root?
> 
> here is my login file
> 
> #%PAM-1.0
> auth       required     pam_env.so
> auth       required     pam_securetty.so
> auth       sufficient   pam_winbind.so
> auth       required     pam_pwdb.so shadow use_first_pass
> 
> 
> account    sufficient   pam_winbind.so
> account    required     pam_stack.so service=system-auth
> 
> password   sufficient   pam_winbind.so
> password   required     pam_stack.so service=system-auth
> 
> 
> session    sufficient   pam_mkhomedir.so skel= /etc/skel/ umask=0022
> session    required     pam_stack.so service=system-auth
> 
> 
> 
> 
> Sahibzada Junaid Noor
> Ph#(+92) (051) 5950 940
> Cell#(+92) (0333) 5223586
> Qazi plaza,Third Floor,Commerical Market,
> Chaklala Scheme 3,
> Rawalpindi
> Islamic Republic of Pakistan
>

More information about the samba mailing list