Linux Users' Group of Davis
Page last updated:
2003 Dec 18 16:48

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.


[vox-tech] need help with samba/winbind/pam


I'm trying to get a debian sid box to authenticate against an NT4
domain.  I've followed the instructions in the winbindd man page and I
think I'm on the right track.  However, I'm having problems with PAM.  

As the winbindd man page suggests, I edited the /etc/nsswitch.conf and
added some winbindd related stuff to my smb.conf file. 

I also edited the /etc/pam.d/* files.  This is where I'm having
problems... more on that later.

I joined the domain using this:
net join -U Administrator
I was prompted for a password and was allowed to join the domain.

I ran the winbindd program just to make sure it is up and running, then
I did this:
wbinfo -t
And that told me that the trust relationship with the domain is ok.

So, my linux box is part of the NT4 domain and things look good.  I can
walk over to the NT4 domain controller and see a computer account for my
linux box.  I can do wbinfo -u on my linux box and see a list of all the
windows domain users... and I'm starting to smell success.  But wait...

Here is where the problem starts.  I want to use a Windows domain account
to login to the linux box.  For instance, I should be able to use the
windows Administrator account to login on my linux box.  

So I go to a terminal and try to log in as Administrator and it says
"permission denied".  I've screwed around with the /etc/pam.d/* files
enough to allow me to login via a terminal using the Windows
Administrator account, but I haven't been able to do the same with
GDM/Gnome.  I eventually screwed around with these files enough to lock
myself out of my system, but got back in.  ;-)

So, I guess I need help understanding the /etc/pam.d/* files.

The winbindd man page says this:

 In /etc/pam.d/* replace the  auth lines with something like this:
 auth       required /lib/security/pam_securetty.so
 auth       required /lib/security/pam_nologin.so
 auth       sufficient /lib/security/pam_winbind.so
 auth       required /lib/security/pam_pwdb.so use_first_pass shadow nullok
 Note  in  particular  the  use  of  the  sufficient   keyword  and  the
 use_first_pass keyword.
 Now replace the account lines with this:
 account required /lib/security/pam_winbind.so

When I edited the pam.d files, anytime I saw a line that starts with
auth, I commented it out and inserted all of the above lines that start
with auth.  Likewise, I made similar edits for lines that start with
account.  I don't really understand what this means though... Any
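
What the required and sufficient keywords in the quoted auth lines do, as an added example that is not part of the original post or of the Samba documentation: a simplified Python model of how Linux-PAM walks a stack. The function names and the success/failure outcomes passed in are constructed for illustration; no real PAM module is called.

```python
# Added illustration: simplified model of Linux-PAM control flags.
# Module outcomes are inputs supplied by the caller; no real PAM module runs.

# The auth lines quoted from the winbindd man page in the post above.
MAN_PAGE_STACK = """\
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
"""

def parse_stack(text, facility):
    """Return [(control, module)] for one facility (auth, account, ...).
    Module options such as use_first_pass are not modelled here; that option
    tells pam_pwdb to reuse the password already typed instead of prompting."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) or False (failure).
    Returns (access_granted, modules_that_ran)."""
    required_failed = False
    required_ok = False
    ran = []
    for control, module in stack:
        ok = outcomes[module]
        ran.append(module)
        if control == "requisite" and not ok:
            return False, ran            # fail immediately, stop the stack
        if control in ("required", "requisite"):
            if ok:
                required_ok = True
            else:
                required_failed = True   # remembered; stack keeps running
        elif control == "sufficient" and ok and not required_failed:
            return True, ran             # success ends the stack early
        # A failed "sufficient" module and any "optional" module are ignored.
    return (required_ok and not required_failed), ran

if __name__ == "__main__":
    stack = parse_stack(MAN_PAGE_STACK, "auth")
    base = dict.fromkeys((m for _, m in stack), True)
    # Constructed cases: a domain account, then a local account.
    print(evaluate(stack, {**base, "pam_pwdb.so": False}))
    print(evaluate(stack, {**base, "pam_winbind.so": False}))
```

In this model a failure in either required module placed before pam_winbind.so denies the login even when the domain password is correct.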


