Re: Active directory authenication via PAM in RedHat AS3
- From: shane stixrud org
- To: taroon-list redhat com
- Subject: Re: Active directory authenication via PAM in RedHat AS3
- Date: Tue, 28 Oct 2003 22:35:10 -0800 (PST)
On Tue, 28 Oct 2003, Nalin Dahyabhai wrote:
> Applications like login also need to know the user's home directory,
> shell, UID, GID, and other such things. Applications look up this
> information by calling into libc's NSS¹ subsystem. The set of sources
> which libc uses for finding this information is specified in
> /etc/nsswitch.conf. You most likely want to change these lines:
>
> passwd: files
> shadow: files
> group: files
>
> to include "winbind", like so:
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
I was aware of this; I had only added winbind to passwd and group, but not
shadow. However, I am still having problems logging in via ssh. wbinfo -u
and wbinfo -g report what one would expect, and I can log in to a samba
share via my Microsoft AD userid.
The only pam file I updated was /etc/pam.d/system-auth which contains:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_winbind.so
account required /lib/security/$ISA/pam_unix.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel
session required /lib/security/$ISA/pam_unix.so

/var/log/messages reports:

Oct 28 22:19:39 ns4 pam_winbind[13084]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Oct 28 22:19:39 ns4 pam_winbind[13084]: internal module error (retval = 4, user = `NOUSER'
Oct 28 22:19:39 ns4 sshd(pam_unix)[13084]: check pass; user unknown
Oct 28 22:19:39 ns4 sshd(pam_unix)[13084]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ns4.met-farm.vmmc.org

and /var/log/secure

Oct 28 22:19:37 ns4 sshd[13084]: Illegal user AD+spgsrs from 127.0.0.1
Oct 28 22:19:42 ns4 sshd[13084]: Failed password for illegal user AD+spgsrs from 127.0.0.1 port 35594 ssh2

I must be missing something simple...
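
A check for the /etc/nsswitch.conf change discussed in the quoted reply, as an added example that is not part of the original message or of any project's code: it reports, per database, whether winbind is listed and whether an earlier `[NOTFOUND=return]`-style action would stop the lookup before winbind is consulted. The sample file contents and all function names are constructed for illustration.

```python
import re

# Constructed sample: winbind on passwd only, absent from shadow,
# and placed behind a [NOTFOUND=return] action on group.
SAMPLE = """\
# /etc/nsswitch.conf (constructed)
passwd:  files winbind
shadow:  files
group:   files [NOTFOUND=return] winbind
hosts:   files dns
"""

def parse_nsswitch(text):
    """Map each database to its ordered tokens: source names or '[...]' action specs."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # A bracketed spec may hold several space-separated criteria.
        table[db.strip()] = re.findall(r"\[[^\]]*\]|\S+", rest)
    return table

def notfound_action(spec):
    """Action a '[...]' spec assigns to NOTFOUND, or None if it leaves the default."""
    action = None
    for crit in spec.strip("[]").split():
        m = re.fullmatch(r"(!?)(\w+)=(\w+)", crit)
        # '!STATUS=act' applies act to every status except STATUS.
        if m and (m.group(2).lower() == "notfound") != bool(m.group(1)):
            action = m.group(3).lower()
    return action

def source_status(tokens, source):
    """'missing', 'unreachable' (cut off by an earlier NOTFOUND=return) or 'ok'."""
    if source not in tokens:
        return "missing"
    before = tokens[:tokens.index(source)]
    if any(t.startswith("[") and notfound_action(t) == "return" for t in before):
        return "unreachable"
    return "ok"

def check(text, source="winbind", databases=("passwd", "shadow", "group")):
    table = parse_nsswitch(text)
    return {db: source_status(table.get(db, []), source) for db in databases}

if __name__ == "__main__":
    for db, status in check(SAMPLE).items():
        print(f"{db}: winbind {status}")
```

To check a live system, pass the contents of /etc/nsswitch.conf to `check()` in place of `SAMPLE`.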