[Samba] winbind/ windows ad issues FIXED!
Daniel Khan
d.khan at ventigo.com
Sun Sep 4 19:57:24 GMT 2005
Hello List,
Daniel Khan wrote:
> When I try to sign on (su) with a windows account the follwoing happens:
>
> # su dkhan
> su: Authentication service cannot retrieve authentication info.
> (Ignored)
For the archives. I was finally able to solve this problem.
It simply was
1.) a wrong order inside the pams system-auth configuration.
I now have:
# cat /etc/pam.d/system-auth
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_winbind.so debug use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so debug
account required pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_winbind.so debug
session optional pam_mkhomedir.so
This works fine and even creates the homedir as expected.
2.) a missing smb.conf shell setting for the ad users (which defaulted
to /bin/false)
I added
template shell= /bin/bash
to smb.conf
Now I'm done!
greetings
--
Daniel Khan
More information about the samba
mailing list