[Samba] winbind and pam and ssh that's pam enabled

David Shapiro David.Shapiro at bcbsnc.com
Wed Feb 15 19:05:06 GMT 2006


Okay,
 
winbind works and I can su - DOMAIN+user now.  When I try to log in
with ssh (pam enabled), however,  I see in the log it accepts my
password, but then the session closes.  My pam.conf has;
 
su      auth            sufficient     
/usr/lib/security/pam_winbind.so
login   auth            sufficient     
/usr/lib/security/pam_winbind.so debug
sshd    auth            sufficient     
/usr/lib/security/pam_winbind.so debug
OTHER   auth            required        /usr/lib/security/pam_aix
 
su      account         sufficient     
/usr/lib/security/pam_winbind.so
login   account         sufficient     
/usr/lib/security/pam_winbind.so debug
sshd    account         sufficient     
/usr/lib/security/pam_winbind.so debug
OTHER   account         required        /usr/lib/security/pam_aix
 
su      password        sufficient     
/usr/lib/security/pam_winbind.so
login   password        sufficient     
/usr/lib/security/pam_winbind.so debug
sshd    password        sufficient     
/usr/lib/security/pam_winbind.so debug
OTHER   password        required        /usr/lib/security/pam_aix
 
sshd    session         sufficient      /usr/lib/security/pam_aix
debug
OTHER   session         required        /usr/lib/security/pam_aix

 
I read that winbind is providing just auth, ccount, and password
capabilities, so I guess pam_aix is what is dropping the session.  Do I
need to do some voodoo to get from auth, account, password to session? 
My /usr/lib/security/methods.cfg file has:
 
NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS_64
 
DCE:
        program = /usr/lib/security/DCE
 
NISPLUS:
        program = /usr/lib/security/NISPLUS
 
KRB5:
        program = /usr/lib/security/KRB5
 
KRB5A:
        program = /usr/lib/security/KRB5A
 
WINBIND:
        program = /usr/lib/security/WINBIND

 
 
 
 
 
David Shapiro
Unix Team Lead
919-765-2011


More information about the samba mailing list