[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Active directory authenication via PAM in RedHat AS3
- From: Nalin Dahyabhai <nalin redhat com>
- To: taroon-list redhat com
- Subject: Re: Active directory authenication via PAM in RedHat AS3
- Date: Tue, 28 Oct 2003 12:45:45 -0500
On Fri, Oct 24, 2003 at 03:16:33PM -0700, shane stixrud org wrote:
> I am to the point where my AS3 server is a member server in our
> active directory domain (winbind + kerberos has been confirmed working).
>
> I am stumped as to what is the minimum PAM configuring required for
> system wide authentication via winbind. My understanding is that
> adding auth and account statements for the pam_winbind module into the
> /etc/pam.d/system-auth file should be sufficient?
>
> When attempting to login to the server with an active directory account, I
> receive the following error:
>
> Oct 24 14:37:55 ns4 sshd[4062]: Illegal user AD+spgsrs from 127.0.0.1
> Oct 24 14:38:00 ns4 sshd[4062]: Failed password for illegal user AD+spgsrs
> from 127.0.0.1 port 33004 ssh2
>
> Am I missing something simple? :)
PAM is only handling the authentication side of things. Specifically,
this means verifying the user's identity at login-time using a password,
noticing and updating expired passwords, and the like.
Applications like login also need to know the user's home directory,
shell, UID, GID, and other such things. Applications look up this
information by calling into libc's NSS¹ subsystem. The set of sources
which libc uses for finding this information is specified in
/etc/nsswitch.conf. You most likely want to change these lines:
passwd: files
shadow: files
group: files
to include "winbind", like so:
passwd: files winbind
shadow: files winbind
group: files winbind
HTH,
Nalin
¹ For more information on NSS, see the glibc documentation.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]