[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam & winbindd

I want to authenticate linux logins via winbind. Everything is running, so all ADS users can login. But I want only some users to log in, so I used a winbind feature called require_membership_of to restrict to a group. But this does not work and I think it is a pam config problem. 
The log shows the following:

Apr 13 09:03:24 personal pam_winbind[7423]: pam_winbind: pam_sm_authenticate
Apr 13 09:03:29 personal pam_winbind[7423]: Verify user `testuser'
Apr 13 09:03:29 personal pam_winbind[7423]: CONFIG file: require_membership_of 'nagios-user' 
Apr 13 09:03:29 personal pam_winbind[7423]: CONFIG file: krb5_ccache_type 'FILE'
Apr 13 09:03:29 personal pam_winbind[7423]: enabling krb5 login flag
Apr 13 09:03:29 personal pam_winbind[7423]: enabling request for a FILE krb5 ccache
Apr 13 09:03:29 personal pam_winbind[7423]: no sid given, looking up: nagios-user
Apr 13 09:03:29 personal pam_winbind[7423]: user 'testuser' OK
Apr 13 09:03:29 personal pam_winbind[7423]: request failed: Logon failure, PAM error was Authentication failure (7), NT error was NT_STATUS_LOGON_FAILURE Apr 13 09:03:29 personal pam_winbind[7423]: user `testuser' denied access (incorrect password or invalid membership) Apr 13 09:03:29 personal pam_winbind[7423]: request returned KRB5CCNAME: FILE:/tmp/krb5cc_1002 
Apr 13 09:03:29 personal pam_winbind[7423]: user 'testuser' OK
Apr 13 09:03:29 personal pam_winbind[7423]: user 'testuser' granted access
Apr 13 09:03:48 personal pam_winbind[7423]: pam_winbind: pam_sm_close_session handler 
Apr 13 09:03:48 personal pam_winbind[7423]: username [testuser] obtained
Apr 13 09:03:48 personal pam_winbind[7423]: user 'testuser' OK
I realy dont understand why the testuser is authenticated and can login although there is a access denied (invalid membership). 

Can you help me?

Thanks

Peter
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]