PAM Winbind

Adam Smith adam.smith at sageautomation.com
Thu May 8 13:39:57 CST 2003


I'm trying to get a Red Hat 7.3 box to authenticate against an NT4 Domain,
with little success so far.

So far I have:

1)  Configured Samba 2.2.3 (yes, it needs upgrading...)

2)  Joined the system to the domain

3)  Loaded winbindd

4)  Ran 'getent passwd' which returned both the local accounts and the
domain accounts;  the domain accounts being in the format of SAGE\username

5)  Edited /etc/pam.d/login

Now here's the tricky parts.  I've got a better understanding of the way
PAM works now, but still can't get it to work correctly.

Examples for systems are all different when I search on Google, and I'm at
a loss as to what this file should now look like.

---/etc/pam.d/login---
----------------------
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth   	   sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

----------------------
The line for pam_winbind.so is where I think it is supposed to
exist.  I'm sure this is not correct, otherwise it would be working, right?
:)

5)  I have tried logging in, getting prompted twice for a password and then
denied access.   I don't appear to be getting anything in
/var/log/messages, either.

I got a FreeBSD 5 system running as a Samba server with authentication (but
hadn't tried getting SSH to authenticate yet.)  I figured I was going
fairly well until this little beastie cropped up on me.

What should the login file look like?

-- 
Adam Smith
Information Technology Officer
SAGE Automation Ltd.

adam.smith at sageautomation.com
http://www.sageautomation.com

"Just a friendly wave each morning.."
    - Neighbours

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request at linuxsa.org.au with "unsubscribe" as the subject



More information about the linuxsa mailing list