This is my pam config for ssh:
#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass shadow
auth required pam_env.so # [1]
account sufficient pam_winbind.so
account required pam_unix.so use_first_pass
session sufficient pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
Which is working for me. I can login from any client on the server using ssh,
with UIDs known on the server and UIDs known in the PDC.
What does auth.log say when you try to login? You can increase loging for
winbind by putting this in your pam:
auth sufficient pam_winbind.so debug
------------------------
Christophe Reynders <christophereynders@yahoo.com> wrote:
------------------------
kenneth westelinck wrote:>What does wbinfo -u, wbinfo -g, getent passwd, getent group say?
>
>
>This all works. wbinfo -g -u shows me the groups and the users from the
PDC. But not all of them. The list is limited. I don't know why but that
isn't a big problem I think because when I run the command getent group and
getent passwd, it shows me all the users.
>
>I am able to login through ssh via a windows user on the server himself. So
here does winbind his job. I can generate a public and private key on the
server. But when I want to login with a windows or unix user into the server via
a windows client it refuses the connection. I think that the problem may be in
the pam ssh module. Do you use the same pam ssh module or do you have a
different version. With my pam file it would be able to allow ssh login for
windows users but it doesn't.
>
>
>----- Original Message -----
>From: "Christophe Reynders"
>To:
>Sent: Thursday, June 05, 2003 5:22 PM
>Subject: [Samba] CVS over SSH
>
>
>> Hi there
>>
>> I'm running a samba cvs server in a windows domain with a W2K PDC.
I want
>to authenticate windows users through ssh. I'm able to login with a
windows
>user to the server on the server himself but when I want to login via a
>windows client It doesn't work. The connection is refused. Could it be
>something mis configured in my ssh pam module.
>> This is my pam ssh module
>> PAM configuration file for sshd
>> auth required /lib/security/pam_nologin.so
>> auth sufficient /lib/security/pam_winbind.so
>> auth required /lib/security/pam_pwdb.so shadow nullok
>>
>> account sufficient /lib/security/pam_winbind.so
>> account required /lib/security/pam_pwdb.so
>>
>> session required /lib/security/pam_pwdb.so
>> session optional /lib/security/pam_console.so
>>
>> password required /lib/security/pam_cracklib.so
>> password required /lib/security/pam_pwdb.so nullok use_authtok
>shadow
>> Could anybody please help me out, I would appreciate it
>> Thanks in advance
>> Regards
>>
>>
>> ---------------------------------
>> Do you Yahoo!?
>> Free online calendar with sync to Outlook(TM).
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: http://lists.samba.org/mailman/listinfo/samba
>>
>>
>
>
>
>
>---------------------------------
>Do you Yahoo!?
>Free online calendar with sync to Outlook(TM).
>
>kenneth westelinck <kenneth.westelinck@pandora.be> wrote:
>
>What does wbinfo -u, wbinfo -g, getent passwd, getent group say?
>This all works. wbinfo-g -ushows me the groups and the users from the PDC.
But not all of them. Thelist is limited. I don't know why but that isn't
a big problem I think becausewhen I run the command getent group and getent
passwd,it shows me all the users.
>I am able to login through ssh via a windows user on the server himself. So
here does winbind his job. I can generate a public and private key on the
server. But when I want to login with a windows or unixuserinto the server via a
windows client it refuses the connection. I think that the problem may be in the
pam ssh module. Do you use the same pam ssh module or do you have a different
version. With my pam fileit would be able to allow ssh login for windows users
but it doesn't.
>----- Original Message ----- From: "Christophe Reynders" To: Sent:
Thursday, June 05, 2003 5:22 PMSubject: [Samba] CVS over SSH> Hi
there>> I'm running a samba cvs server in a windows domain
with a W2K PDC. I wantto authenticate windows users through ssh. I'm able to
login with a windowsuser to the server on the server himself but when I want to
login via awindows client It doesn't work. The connection is refused. Could
it besomething mis configured in my ssh pam module.> This is my pam ssh
module> PAM configuration file for sshd> auth required
/lib/security/pam_nologin.so> auth sufficient
/lib/security/pam_winbind.so> auth required /lib/security/pam_pwdb.so
shadow nullok>> account sufficient
/lib/security/pam_winbind.so> account required
/lib/security/pam_pwdb.so>> session required /lib/securi
> ty/pam_pwdb.so> session optional
/lib/security/pam_console.so>> password required
/lib/security/pam_cracklib.so> password required
/lib/security/pam_pwdb.so nullok use_authtokshadow> Could anybody please
help me out, I would appreciate it> Thanks in advance>
Regards>>> ---------------------------------> Do you
Yahoo!?> Free online calendar with sync to Outlook(TM).> --
> To unsubscribe from this list go to the following URL and read
the> instructions:
http://lists.samba.org/mailman/listinfo/samba>>
>Do you Yahoo!?
>Free online calendar with sync to Outlook(TM).