Hi,
I've read through some of the posts and can't see an answer to my query
so I'm throwing it here :)
GOAL: To use Winbind to authenticate users against directory,for Console Login,
GDM, SSH etc
While this has been somewhat successful, there are a few errors that I would
like to remove (if possible).
Firstly :
When I ssh with an AD user all appears to log in ok, except the ssh client in
windows throws up 'Enter your Authentication Response', and in the
syslog there are 2 entries :
pam_winbind[12657]: user 'bill' granted access
pam_winbind[12657]: user 'bill' granted access
sshd[12714]: Accepted keyboard-interactive/pam for bill from xx.xx.xx.xx port
1423 ssh2
sshd(pam_unix)[12720]: session opened for user bill by (uid=0)
Shouldn't there just be one pam_winbind entry?
Secondly :
When I ssh with a non AD user,such as root, windows still throws up 'Enter
your Authentication Response', and in the syslog, the following :
pam_winbind[12682]: request failed: No such user, PAM error was 10, NT error was
NT_STATUS_NO_SUCH_USER
pam_winbind[12682]: user 'root' granted access
sshd[12677]: Accepted keyboard-interactive/pam for root from xx.xx.xx.xx port
1413 ssh2
sshd(pam_unix)[12683]: session opened for user root by root(uid=0)
Now, although it did indeed log my root user in, I'm baffled as to why
winbind even attempted to look in the AD. In the nsswitch.conf (below) it
clearly states COMPAT WINBIND,which I took to believe, that it would look in
files first (e.g passwd/group) and then winbind would query the AD,but clearly
this error states otherwise.
# /etc/nsswitch.conf:
passwd: compat winbind
shadow: compat
group: compat winbind
# /etc/pam/sshd
#%PAM-1.0
auth required pam_stack.so service=system-auth-winbind
auth required pam_shells.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth-winbind
password required pam_stack.so service=system-auth-winbind
session required pam_stack.so service=system-auth-winbind
# /etc/pam/system-auth-winbind
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
shadow
password required /lib/security/pam_deny.so
#session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Any pointers or direct help would be gratefully received.
Thanks
--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
