On Sat, 2003-10-11 at 05:36, Kevin Druet wrote:
> Hello.
>
> I have been trying to get Red Hat 9 workstations to authenticate via an
> NT 4 PDC.
>
> here is my /etc/pam.d/login file,
> auth required /lib/security/pam_smb_auth.so nolocal
> I'm able to login to the RH9 workstation with my NT domain credentials.
>
> the problem I have is that I still need at the very least, an entry
> in /etc/passwd in order to login with my NT domain credentials....
>
> is there no way to authenticate without having a local /etc/passwd entry
> ?
>
> I thought that was what the nolocal argument would accomplish.

The problem is the use of pam_smb. If you used winbindd, (and
pam_winbind etc) then it should 'just work'. Winbind provides all the
/etc/passwd entries via nsswitch, and securely authenticates the user
against the domain controller.

You may wish to look into the 'winbind use default domain' parameter in
Samba 3.0, to match the 'no domain prefix' behaviour of pam_smb.

Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
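
The winbind setup described in the reply above, sketched as an added example that is not part of the original message or taken from the Samba documentation. The domain name EXAMPLEDOM, the ID ranges and the template values are constructed placeholders; the PAM module path follows the /lib/security location used in the question.

```conf
# --- /etc/samba/smb.conf (Samba 3.0, machine joined to the NT domain) ---
[global]
    # EXAMPLEDOM is a placeholder for the NT 4 domain name
    workgroup = EXAMPLEDOM
    security = domain
    # let Samba locate a domain controller itself
    password server = *
    # constructed ranges from which winbindd allocates local UIDs/GIDs
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # users appear as "kevin" instead of "EXAMPLEDOM\kevin",
    # matching the no-prefix behaviour of pam_smb
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /home/%D/%U

# --- /etc/nsswitch.conf ---
# winbind supplies the passwd/group entries that are missing locally
passwd: files winbind
group:  files winbind

# --- /etc/pam.d/login ---
# replaces: auth required /lib/security/pam_smb_auth.so nolocal
# placed ahead of the existing auth/account lines so local accounts
# (root included) still fall through to the normal stack
auth     sufficient /lib/security/pam_winbind.so
account  sufficient /lib/security/pam_winbind.so
```

Once the workstation has joined the domain and winbindd is running, `getent passwd` should list domain accounts alongside the local ones, which is the lookup that login needs and that pam_smb cannot provide.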