Hello, I want to do a single signon setup with samba/winbind and a windows2003 SBS. I have nearly everything up and running. wbinfo gives what I expected. When I try to sign on (su) with a windows account the follwoing happens: # su dkhan su: Authentication service cannot retrieve authentication info. (Ignored) So it recognizes me as windows account and pam somehow tries to authenticate the user but the something wents wrong. nsswitch: passwd: compat winbind shadow: compat winbind group: compat winbind Any hints would be really appreciated. greetings -- Daniel Khan
Hello List, Daniel Khan wrote:> When I try to sign on (su) with a windows account the follwoing happens: > > # su dkhan > su: Authentication service cannot retrieve authentication info. > (Ignored)For the archives. I was finally able to solve this problem. It simply was 1.) a wrong order inside the pams system-auth configuration. I now have: # cat /etc/pam.d/system-auth #%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_winbind.so debug use_first_pass auth required pam_deny.so account sufficient pam_winbind.so debug account required pam_unix.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_winbind.so debug session optional pam_mkhomedir.so This works fine and even creates the homedir as expected. 2.) a missing smb.conf shell setting for the ad users (which defaulted to /bin/false) I added template shell= /bin/bash to smb.conf Now I'm done! greetings -- Daniel Khan