Gentoo Forums
Gentoo, Winbind, and PAM -- recipe for confusion?
tmr777
Tux's lil' helper


Joined: 16 Jan 2003
Posts: 101
Location: Chicago, IL

Posted: Thu Sep 16, 2004 3:15 pm    Post subject: Gentoo, Winbind, and PAM -- recipe for confusion?

Greetings,

I have a fresh install of 2004.2 i686 with samba and winbind connected to a 2000 AD network. I have joined the domain and am getting back users and groups from it. Now, I would like all pam services to use winbind (login, ssh, etc).

My understanding is that the easy way out is to cp system-auth-winbind to system-auth and away you go.

When logging in on a tty, I am accepted and then immediately logged out. Logging is as follows:

Code:
Sep 16 09:17:53 [pam_winbind] user 'trichar' granted acces
                - Last output repeated twice -
Sep 16 09:17:53 [login(pam_unix)] session opened for user trichar by (uid=0)
Sep 16 09:17:53 [login(pam_unix)] session closed for user trichar
S


When logging into ssh, I get:
Code:
Sep 16 09:54:04 [sshd] error: Could not get shadow information for trichards
Sep 16 09:54:04 [sshd] Failed password for trichards from 200.122.192.83 port 4544 ssh2
Sep 16 09:54:07 [sshd] error: PAM: Authentication failure for trichar from mis010.yada.yada.com
Sep 16 09:54:07 [sshd] Failed keyboard-interactive/pam for trichar from 200.122.192.83  port 4544 ssh2


Also, I tried manually changing /etc/pam.d/login to the way suggested in the samba docs. This gives the same result for tty login as above.

Am I correct in assuming this is the way intended to change all pam auths?

Any help greatly appreciated.

Thx,

_Terry
tmr777
Tux's lil' helper


Joined: 16 Jan 2003
Posts: 101
Location: Chicago, IL

Posted: Thu Sep 16, 2004 11:14 pm    Post subject: RESOLVED

The problem here was that I did not uncomment this line in smb.conf:
Code:
template shell = /bin/bash

Consequently, /bin/nologin was run.

To summarize: once uncommented, you need only to replace system-auth with system-auth-winbind, and away you go.

For your next question of how to restrict access, well, go here:
http://www.vanadac.com/~dajhorn/projects/lmsw/07%20SSH/index.html

_Terry
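
Added example, not part of the original posts: a shell check for the cause found in this thread, an smb.conf in which `template shell` is still commented out. The function names and the sample smb.conf are constructed for illustration.

```shell
#!/bin/sh
# Print the active "template shell" value from the [global] section of the
# smb.conf given as $1. Lines starting with '#' or ';' are comments, so a
# commented-out setting counts as absent. Prints nothing when it is not set.
active_template_shell() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key == "templateshell") {      # Samba ignores case and spaces in names
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                found = val                    # a later setting overrides an earlier one
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 if an interactive shell is configured, 1 if the parameter is not
# set (winbind then uses its built-in default), 2 if it names a no-login shell.
check_template_shell() {
    shell=$(active_template_shell "$1")
    case "$shell" in
        "") echo "template shell not set: winbind's default shell applies"; return 1 ;;
        */nologin|*/false) echo "template shell $shell refuses logins"; return 2 ;;
        *) echo "template shell = $shell"; return 0 ;;
    esac
}

# Constructed sample smb.conf with the setting still commented out.
demo=$(mktemp)
printf '%s\n' '[global]' '   workgroup = EXAMPLE' ';  template shell = /bin/bash' > "$demo"
check_template_shell "$demo" || echo "check returned $?"
rm -f "$demo"
```

On a live system, `getent passwd` for a domain user shows the shell winbind actually returns in the last field.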