I'm trying to set up a Linux-based dialin server on our company network. I'd like to have PPP authenticate using winbindd, if possible. I feel like I've almost gotten it to work, but I can't quite get there. Files:

/etc/pam.d/ppp:

#%PAM-1.0
auth required pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

/etc/ppp/pap-secrets:

# Secrets for authentication using PAP
# client server secret IP addresses
INTERCLEAN\\davidb * "" *

My winbindd separator is "\". I found through experience that doubling up the backslash is necessary in the pap-secrets file, otherwise it complains it can't find a secret for the account.

/etc/ppp/options has the "login" flag turned on, and before changing any PAM settings I verified that I could add a local account to pap-secrets, dial in, and authenticate with it.

Here's what happens when I try to dial in with a domain account:

Aug 22 12:09:00 gatekeeper mgetty[23404]: data dev=ttyS0, pid=23404, caller='none', conn='33600/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
Aug 22 12:09:00 gatekeeper pppd[23404]: pppd 2.4.1 started by a_ppp, uid 0
Aug 22 12:09:00 gatekeeper pppd[23404]: Using interface ppp0
Aug 22 12:09:00 gatekeeper pppd[23404]: Connect: ppp0 <--> /dev/ttyS0
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb' granted acces
Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb' granted acces
Aug 22 12:09:03 gatekeeper pppd[23404]: PAP login failure for INTERCLEAN\davidb
Aug 22 12:09:03 gatekeeper pppd[23404]: Connection terminated.
Aug 22 12:09:03 gatekeeper pppd[23404]: Exit.

It looks like winbindd is giving the correct response, but PPP isn't buying it for some reason. Any ideas?

----------

David Brodbeck, System Administrator
InterClean Equipment, Inc.
Ann Arbor, Michigan
davidb@mail.interclean.com
(734) 975-2967 x221

----- Original Message -----
From: "David Brodbeck" <DavidB@mail.interclean.com>
To: <samba@samba.org>
Sent: Thursday, August 22, 2002 12:13 PM
Subject: [Samba] using pam_winbind to authenticate PPP?

> I'm trying to set up a Linux-based dialin server on our company network.
> I'd like to have PPP authenticate using winbindd, if possible. I feel like
> I've almost gotten it to work, but I can't quite get there. Files:
>
> /etc/pam.d/ppp:
>
> #%PAM-1.0
> auth required pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_winbind.so
>

My guess is you need to fix the account line. Try pam_permit.so on the account line and see if that works. If so, decide if it's OK to keep or step back and look at what you really want to accomplish.

Jerry

Nope, that made no difference.

> -----Original Message-----
> From: Jerry Murdock [mailto:jmurdock@itraktech.com]
> Sent: Thursday, August 22, 2002 12:23 PM
> To: David Brodbeck; samba@samba.org
> Subject: Re: [Samba] using pam_winbind to authenticate PPP?
>
> My guess is you need to fix the account line. Try pam_permit.so on the
> account line and see if that works. If so decide if it's OK to keep or step
> back and look at what you really want to accomplish.

Got it -- the problem seemed to be the "session" lines in /etc/pam.d/ppp, which I somehow managed to delete. Once I filled those in again it started working.

PAM has to be the easiest service I've seen to misconfigure since sendmail. ;)

> -----Original Message-----
> From: David Brodbeck [mailto:DavidB@mail.interclean.com]
> Sent: Thursday, August 22, 2002 12:14 PM
> To: 'samba@samba.org'
> Subject: [Samba] using pam_winbind to authenticate PPP?
>
> I'm trying to set up a Linux-based dialin server on our company network.
> I'd like to have PPP authenticate using winbindd, if possible. I feel like
> I've almost gotten it to work, but I can't quite get there. Files:
>
> /etc/pam.d/ppp:
>
> #%PAM-1.0
> auth required pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_winbind.so
>
> /etc/ppp/pap-secrets:
>
> # Secrets for authentication using PAP
> # client server secret IP addresses
> INTERCLEAN\\davidb * "" *
>
> My winbindd separator is "\". I found through experience that doubling up
> the backslash is necessary in the pap-secrets file, otherwise it complains
> it can't find a secret for the account.
>
> /etc/ppp/options has the "login" flag turned on, and before changing any PAM
> settings I verified that I could add a local account to pap-secrets, dial
> in, and authenticate with it.
>
> Here's what happens when I try to dial in with a domain account:
>
> Aug 22 12:09:00 gatekeeper mgetty[23404]: data dev=ttyS0, pid=23404, caller='none', conn='33600/ARQ/V34/LAPM/V42BIS', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
> Aug 22 12:09:00 gatekeeper pppd[23404]: pppd 2.4.1 started by a_ppp, uid 0
> Aug 22 12:09:00 gatekeeper pppd[23404]: Using interface ppp0
> Aug 22 12:09:00 gatekeeper pppd[23404]: Connect: ppp0 <--> /dev/ttyS0
> Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb' granted acces
> Aug 22 12:09:03 gatekeeper pam_winbind[23404]: user 'INTERCLEAN\davidb' granted acces
> Aug 22 12:09:03 gatekeeper pppd[23404]: PAP login failure for INTERCLEAN\davidb
> Aug 22 12:09:03 gatekeeper pppd[23404]: Connection terminated.
> Aug 22 12:09:03 gatekeeper pppd[23404]: Exit.
>
> It looks like winbindd is giving the correct response, but PPP isn't buying
> it for some reason. Any ideas?
>
> ----------
>
> David Brodbeck, System Administrator
> InterClean Equipment, Inc.
> Ann Arbor, Michigan
> davidb@mail.interclean.com
> (734) 975-2967 x221
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
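
Added example, not part of any message in the thread: a small checker that parses a /etc/pam.d service file and reports which management groups have no entries, which is the condition the last message describes for "session". It assumes that pppd's "login" path needs auth, account and session stacks; the `missing_types` name and the `session required pam_permit.so` line in the second sample are constructed for illustration and are not the poster's actual fix.

```python
import re

PAM_TYPES = ("auth", "account", "password", "session")

# type, control (plain word or [bracketed value=action list]), module path
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam_service(text):
    """Return {type: [(control, module), ...]} for one pam.d service file.

    Directives such as @include are not followed; they are skipped.
    """
    stacks = {t: [] for t in PAM_TYPES}
    text = text.replace("\\\n", " ")            # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # '#' starts a comment
        m = RULE.match(line)
        if not m:
            continue
        pam_type = m.group(1).lower()
        if pam_type in stacks:
            stacks[pam_type].append((m.group(2), m.group(3)))
    return stacks

def missing_types(text, needed=("auth", "account", "session")):
    """List the management groups in `needed` that have no rule at all."""
    stacks = parse_pam_service(text)
    return [t for t in needed if not stacks[t]]

# /etc/pam.d/ppp exactly as posted in the first message of the thread.
POSTED_CONFIG = """#%PAM-1.0
auth required pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
"""

# Constructed variant with a session stack (placeholder module, an assumption).
WITH_SESSION = POSTED_CONFIG + "session required pam_permit.so\n"

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("with session", WITH_SESSION)):
        gaps = missing_types(cfg)
        print(f"{name}: missing stacks = {gaps or 'none'}")
```

A group reported as missing is not evaluated from this file at all; on Linux-PAM it is taken from the "other" service instead, so the result of that call depends on a file the administrator was not looking at.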