samba - Jun 2004 - two problems with pam authentication

Hi,


   my etc/pam.d/login file is given at the end.

 i am using winbind and single sign on is working now. on the fly
directory creation also works.

 when i check the /var/log/messages  i have this error in there

1.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user
'linwin/zubair'granted
 acces

2.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user 'linwin/zubair'
granted acces

3.Jun 23 05:40:46 niit158VM PAM-mkhomedir[1696]: unknown option; /etc/skel/

4.Jun 23 05:40:46 niit158VM  -- LINWIN/zubair[1696]: LOGIN ON tty1 BY
LINWIN/zubair


now why is winbind being called twice?i have it only once in the
authentication section of the login file. i do have it in others sections
too.

secondly why is it giving this unknown option error. every time a new user
logings the directory is created on the fly.so where is this error coming
from.


ok this was the first problem.

now the second problem is when the root logins.

here is what the /var/log/messages have for us

Jun 23 06:00:37 niit158VM pam_winbind[1834]: request failed: No such user,
PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
Jun 23 06:00:37 niit158VM pam_winbind[1834]: user 'root' granted acces
Jun 23 06:00:37 niit158VM PAM-mkhomedir[1834]: unknown option; /etc/skel/
Jun 23 06:00:37 niit158VM  -- root[1834]: ROOT LOGIN ON tty1


now look at this. first winbind tries it for user root and fails.

and in the second line again winbind tries and user root is granted
access. there is no user named root in active directory. how is winbind
being able to authenticate root?

here is my login file

#%PAM-1.0
auth       required     pam_env.so
auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so
auth       required     pam_pwdb.so shadow use_first_pass


account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth

password   sufficient   pam_winbind.so
password   required     pam_stack.so service=system-auth


session    sufficient   pam_mkhomedir.so skel= /etc/skel/ umask=0022
session    required     pam_stack.so service=system-auth




Sahibzada Junaid Noor
Ph#(+92) (051) 5950 940
Cell#(+92) (0333) 5223586
Qazi plaza,Third Floor,Commerical Market,
Chaklala Scheme 3,
Rawalpindi
Islamic Republic of Pakistan

Hi,
winbindd is irealy called 2 times, and that is normal,
once it is called to verify the user has a correct lpassword,
second to verify he has a vallid account.
and pam_mkhomedir is complaining about the space-caracter between the 
strings "skel=" and "/etc/skel/".
this should read "skel=/etc/skel/"
Christoph

31sahibzada@niit.edu.pk schrieb:
> Hi,
> 
> 
>    my etc/pam.d/login file is given at the end.
> 
>  i am using winbind and single sign on is working now. on the fly
> directory creation also works.
> 
>  when i check the /var/log/messages  i have this error in there
> 
> 1.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user
'linwin/zubair'granted
>  acces
> 
> 2.Jun 23 05:40:46 niit158VM pam_winbind[1696]: user 'linwin/zubair'
> granted acces
> 
> 3.Jun 23 05:40:46 niit158VM PAM-mkhomedir[1696]: unknown option; /etc/skel/
> 
> 4.Jun 23 05:40:46 niit158VM  -- LINWIN/zubair[1696]: LOGIN ON tty1 BY
> LINWIN/zubair
> 
> 
> now why is winbind being called twice?i have it only once in the
> authentication section of the login file. i do have it in others sections
> too.
> 
> secondly why is it giving this unknown option error. every time a new user
> logings the directory is created on the fly.so where is this error coming
> from.
> 
> 
> ok this was the first problem.
> 
> now the second problem is when the root logins.
> 
> here is what the /var/log/messages have for us
> 
> Jun 23 06:00:37 niit158VM pam_winbind[1834]: request failed: No such user,
> PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
> Jun 23 06:00:37 niit158VM pam_winbind[1834]: user 'root' granted
acces
> Jun 23 06:00:37 niit158VM PAM-mkhomedir[1834]: unknown option; /etc/skel/
> Jun 23 06:00:37 niit158VM  -- root[1834]: ROOT LOGIN ON tty1
> 
> 
> now look at this. first winbind tries it for user root and fails.
> 
> and in the second line again winbind tries and user root is granted
> access. there is no user named root in active directory. how is winbind
> being able to authenticate root?
> 
> here is my login file
> 
> #%PAM-1.0
> auth       required     pam_env.so
> auth       required     pam_securetty.so
> auth       sufficient   pam_winbind.so
> auth       required     pam_pwdb.so shadow use_first_pass
> 
> 
> account    sufficient   pam_winbind.so
> account    required     pam_stack.so service=system-auth
> 
> password   sufficient   pam_winbind.so
> password   required     pam_stack.so service=system-auth
> 
> 
> session    sufficient   pam_mkhomedir.so skel= /etc/skel/ umask=0022
> session    required     pam_stack.so service=system-auth
> 
> 
> 
> 
> Sahibzada Junaid Noor
> Ph#(+92) (051) 5950 940
> Cell#(+92) (0333) 5223586
> Qazi plaza,Third Floor,Commerical Market,
> Chaklala Scheme 3,
> Rawalpindi
> Islamic Republic of Pakistan
>