Jonathan C. Detert
2006-Nov-13 20:13 UTC
[Samba] apache, apache's mod-auth-pam, and pam_winbind : no nested groups
this problem might be more to do with apache than winbind, but I'll start here anyway... Problem: can't get apache httpauth to work with nested groups, though ssh auth (also using pam) to same box does Config: -------------------------------------------------------- software: apache 2.0.55, libapache2-mod-auth-pam 1.1.1, and winbind 3.0.22 pertinent apache config: AuthPAM_Enabled on AuthPAM_FallThrough off AuthGROUP_Enabled on LoadModule auth_pam_module LoadModule auth_sys_group_module pertinent winbind config: winbind nested groups = yes security = ADS /etc/pam.d/apache2: auth sufficient pam_winbind.so debug auth required pam_unix.so nullok_secure debug account sufficient pam_unix_acct.so debug account required pam_winbind.so debug .htaccess file: AuthName SDLplanRealm AuthType Basic require group sdl -------------------------------------------------------- Symptoms: --------- /var/log/auth.log winbbindd entries say : pam_winbind[29410]: user 'detertj' granted access but /var/log/apache2/ssl_error_log entries say: GROUP: detertj not in required group(s). Conclusion: ----------- any suggestions as to what to try, where to look, next? Thanks -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
Apparently Analagous Threads
- problem using 'winbind nss info =' statement
- Samba authentication against an NT group in Apache
- Apache auth failing for Active Directory group members
- [Fwd: Apache auth failing for Active Directory group members]
- can't map drive to WinXP client from v3.0.21 w. security=ads