[Samba] Problems authenticating Ubuntu 8.04 client (gdm) against
Samba (Ubuntu 8.04) domain server
Jeff LePage
Jeff.LePage at asg.com
Mon Jul 28 15:20:51 GMT 2008
Hello,
Does anyone have a working pam configuration that allows gdm logins? My
current config works with ssh and bash logins. I'd like gdm to work
with usernames like DOMAIN\\USERNAME.
MORE DETAIL:
-------------------
I'm trying to get a Linux client (Ubuntu 8.04) to authenticate against a
Samba domain controller (also Ubuntu8.04). WindowsXP clients work fine
with the samba PDC.
I have managed to get logins to work for ssh and at the bash prompt,
thus:
login: ora\\bob
This works fine, but logging in at the console does NOT work. When I
try to login using gdm, I get a popup that says that "Authentication
failed". This is not the normal error message when logging in as a local
user with incorrect password. This indicates to me that the user
"ORA\\bob" (and all syntactic variations thereof) is being recognized as
a domain user, but the password server is rejecting the user.
The (relevant portions of) smb.conf on the client system are:
#*********
workgroup = ORA # this is my domain name
security = Domain
encrypt passwords = true
password server = samba1 # this is my Ubuntu8.04 samba domain
controller
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
pam password change = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind cache time = 5
winbind enum users = yes
winbind enum groups = yes
##########
My /etc/pam.d/gdm is shown below. Ubuntu separates out certain blocks
into common files that are included in the application specific files.
I have included the includes:
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
#@include common-auth
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth optional pam_smbpass.so migrate missingok
#@include common-auth
auth optional pam_gnome_keyring.so
#@include common-account
account sufficient pam_winbind.so
account required pam_unix.so
#@include common-account
session required pam_limits.so
#@include common-session
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
#@include common-session
session optional pam_gnome_keyring.so auto_start
#@include common-password
password requisite pam_unix.so nullok obscure md5
password optional pam_smbpass.so nullok use_authtok use_first_pass
missingok
#@include common-password
More information about the samba
mailing list