thr3ads.net - samba - [Samba] pam_smb

If this information is useful, please help other people find it:
Share via:

Kevin Druet

2003-Oct-10 19:36 UTC

[Samba] pam_smb_auth help

Hello.

I have been trying to get Red Hat 9 workstations to authenticate via an
NT 4 PDC.

here is my /etc/pam.d/login file,

  auth      required   /lib/security/pam_securetty.so
    auth      required   /lib/security/pam_nologin.so
    auth      sufficient /lib/security/pam_pwdb.so shadow nullok
    auth      required   /lib/security/pam_smb_auth.so nolocal
    account   required   /lib/security/pam_pwdb.so
    password  required   /lib/security/pam_cracklib.so
    password  required   /lib/security/pam_pwdb.so nullok use_authtok
md5 shadow
    session   required   /lib/security/pam_pwdb.so
    session   optional   /lib/security/pam_console.so
    session  required    /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022


I have the NT drive containing users home directories mounted on /home.

Im able to login to the RH9 workstation with my NT domain credentials.

the problem I have is that I still  need at the very least, an an entry
in /etc/passwd in order to login with my NT domain credentials....

is there no way to authenticate without having a local /etc/passwd entry
?

I thought that was what the nolocal argument would accomplish.

thanx in advance for any help.

Kevin

Andrew Bartlett

2003-Oct-11 00:11 UTC

head link

[Samba] pam_smb_auth help

On Sat, 2003-10-11 at 05:36, Kevin Druet wrote:> Hello.
> 
> I have been trying to get Red Hat 9 workstations to authenticate via an
> NT 4 PDC.
> 
> here is my /etc/pam.d/login file,
>     auth      required   /lib/security/pam_smb_auth.so nolocal
> Im able to login to the RH9 workstation with my NT domain credentials.
> 
> the problem I have is that I still  need at the very least, an an entry
> in /etc/passwd in order to login with my NT domain credentials....
> 
> is there no way to authenticate without having a local /etc/passwd entry
> ?
> 
> I thought that was what the nolocal argument would accomplish.
The problem is the use of pam_smb.  If you used winbindd, (and
pam_winbind etc) then it should 'just work'.  Winbind provides all the
/etc/passwd entries via nsswtich, and securely authenticates the user
against the domain controller.

You may wish to look into the 'winbind use default domain' parameter in
Samba 3.0, to match the 'no domain prefix' behaviour of pam_smb.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031011/80051a77/attachment.bin

Possibly Parallel Threads

Search for more reasonably related threads

samba - Oct 2003 - pam_smb_auth help

[Samba] pam_smb_auth help

[Samba] pam_smb_auth help

Possibly Parallel Threads