Authenticating FC3 against an ADS Server

Wed Apr 27 05:54:45 UTC 2005

Has anyone managed to successfully authenticate a Fedora Core 3
workstation against a MS Active Directory? We have have had some
moderate success, i.e. we have joined the machine to the domain and can
view users in active directory s but still can't login through the
graphical login. 

<!--
[root at machine user]# net ads testjoin
Join is OK
-->

When trying to login...

<!tail messages--
Apr 27 09:33:44 localhost login(pam_unix)[5072]: authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=DOMAIN
\agent.smith
Apr 27 09:33:45 localhost pam_winbind[5072]: user 'DOMAIN\agent.smith'
granted access
Apr 27 09:33:45 localhost pam_winbind[5072]: user 'DOMAIN\agent.smith'
granted access
Apr 27 09:33:45 localhost login(pam_unix)[5072]: session opened for user
DOMAIN\agent.smith by LOGIN(uid=0)
Apr 27 09:33:45 localhost login[5072]: Permission denied
-->

/etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0077
session    required     pam_selinux.so multiple open
-->

#%PAM-1.0
auth      required      pam_securetty.so
auth      sufficient    pam_winbind.so
auth      required      pam_nologin.so
account   required      pam_winbind.so
password  required      pam_stack.so service=system-auth
session   required      pam_mkhomedir.so skel=/etc/skel/ umask=0077

Apr 27 10:37:29 localhost pam_winbind[7053]: user 'domain\agent.smith'
granted access
Apr 27 10:37:29 localhost pam_winbind[7053]: user 'domain\agent.smith'
granted access
Apr 27 10:37:29 localhost login[7053]: Permission denied
-->

Any help or pointers towards some good documentation would be greatly
appreciated.

Gavin