win2k AD/PDC, Linux 2.4.18 (rh 7.3), samba 2.2.7a
I configure nsswitch and winbind to do authentication against either the
local passwd file OR the win2k box. Works fine. My need is to mount the
users share under their login directory. Pam_mount would seem to be the
answer. It was failing so I turned on debugging, and only now and then does
pam_mount seem to get the password from winbind. My suspicion is around the
caching of answers that winbind does. It looks like that regardless of what
you have the password cache setting at, if it has got a correct answer for
this user once, and the DB on the win2k server hasn't changed, we don't
really ask (which is fine), but it seems we don't pass the password on to
other modules that might want a look at it. I've included my pam config for
login below. Pam_mount seems to work fine for local users.
Am I in the weeds? Feature? bug?
thanks
jim feldman
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
session required /lib/security/pam_mount.so use_first_pass
auth required /lib/security/pam_mount.so use_first_pass
