Benjamin Krein
2002-Dec-05 16:30 UTC
[Samba] Authenticate Linux Session with NT Domain Acct.
Despite configuring winbind and my /etc/pam.d/<files>, I am still unable to actually log into a Linux session (ie, at the gdm login screen or text login prompt) using my NT domain account. Here is my /etc/pam.d/login file:

auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

NOTE: I can access NT shares using my NT Domain credentials, but that's about it. I can also get group/user info. from the NT domain which tells me winbind is communicating with my PDC. Thanks for any help.

-- 
Benjamin T. Krein
Network Administrator
PMC Technologies, Inc.
Buchan Milne
2002-Dec-06 15:43 UTC
[Samba] Authenticate Linux Session with NT Domain Acct.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Message: 24
> From: Benjamin Krein <bkrein@pmctechnologies.com>
> To: samba@lists.samba.org
> Organization: PMC Technologies, Inc.
> Date: 05 Dec 2002 11:28:56 -0500
> Subject: [Samba] Authenticate Linux Session with NT Domain Acct.
>
> Despite configuring winbind and my /etc/pam.d/<files>, I am still unable
> to actually log into a Linux session (ie, at the gdm login screen or
> text login prompt) using my NT domain account. Here is my
> /etc/pam.d/login file:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>

It would be useful if you included your /etc/pam.d/system-auth file. You don't have a pam_mkhomedir entry here, so you won't be logged in if your home directory does not exist.

> NOTE: I can access NT shares using my NT Domain credentials, but that's
> about it. I can also get group/user info. from the NT domain which
> tells me winbind is communicating with my PDC. Thanks for any help.

Some more debugging info would be useful, such as whether:

1) 'wbinfo -u' returns domain users
2) 'wbinfo -g' returns domain groups
3) 'getent passwd' includes domain users
4) 'getent group' includes domain groups

BTW, Mandrake 9.0 has an option for winbind authentication during installation, which mostly works out the box (if you enter your domain name in caps, otherwise you have to create /home/DOMAIN manually). The file that we use to replace /etc/pam.d/system-auth (so you don't have to hack any other pam files for winbind auth) is in the samba source distribution, under packaging/Mandrake.

You can also find some examples for Redhat 8.0 in the tarball which includes my presentation on winbind:
http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.tar.gz

Regards,
Buchan

- -- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE98MX4rJK6UGDSBKcRAr8aAKCy291pYAtGE5yyNynTSqoD/rj94gCgmavs
tIgfy1SIqO0UzvVqmdaeRp8=ab//
-----END PGP SIGNATURE-----