Hi When I try and login as a domain user called s3: su MARINA\\s3 I get: Kerberos: AS-REQ MARINAs3 at HH3.SITE from ipv4:192.168.1.2:50945 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- MARINAs3 at HH3.SITE: no such entry found in hdb Kerberos is not seeing the winbind separator. So I try winbind separator = + wbinfo -i s3 MARINA+s3:*:3000028:20513::/home/MARINA/s3:/bin/bash getent passwd s3 MARINA+s3:*:3000028:20513::/home/MARINA/s3:/bin/bash This time it sees the separator but still no login: Kerberos: AS-REQ MARINA+s3 at HH3.SITE from ipv4:192.168.1.2:56583 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- MARINA+s3 at HH3.SITE: no such entry found in hdb But s3 can kinit fine: kinit s3 Password for s3 at HH3.SITE: Warning: Your password will expire in 41 days on Tue Jul 3 09:45:30 2012 Could this be pam? Cheers, Steve
On 22/05/12 09:56, steve wrote:> Hi > When I try and login as a domain user called s3:> Could this be pam? > Cheers, > Steve >Yes it was. For the record, you need to build with the pam devel headers. On openSUSE that's libpam-dev Cheers, Steve Oh. whilst I'm here, we are finding that having to have all home directories in one place restricting. There doesn't seem a way of replacing /home/DOMAIN/user with e.g. /home/DOMAIN/what-we-want/user. Cheers, Steve