Active directory authenication via PAM in RedHat AS3

Mailing List

Home

Linux - General Red Hat Linux discussion list

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Installation - Getting started with Red Hat Linux

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 8.0 - Discussion of Red Hat Linux 8.0 (Psyche)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.1 - Discussion of Red Hat Linux 7.1 (Seawolf)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Active directory authenication via PAM in RedHat AS3

Active directory authenication via PAM in RedHat AS3

2003-10-28 - By Nalin Dahyabhai

Back

Reply: 1 2 3 4 5

On Fri, Oct 24, 2003 at 03:16:33PM -0700, shane@(protected) wrote:
> I am to the point where my AS3 server is a member server in our
> active directory domain (winbind + kerberos has been confirmed working).
>
> I am stumped as to what is the minimum PAM configuring required for
> system wide authentication via winbind. My understanding is that
> adding auth and account statements for the pam_winbind module into the
> /etc/pam.d/system-auth file should be sufficient?
>
> When attempting to login to the server with an active directory account, I
> receive the following error:
>
> Oct 24 14:37:55 ns4 sshd[4062]: Illegal user AD+spgsrs from 127.0.0.1
> Oct 24 14:38:00 ns4 sshd[4062]: Failed password for illegal user AD+spgsrs
> from 127.0.0.1 port 33004 ssh2
>
> Am I missing something simple? :)

PAM is only handling the authentication side of things. Specifically,
this means verifying the user 's identity at login-time using a password,
noticing and updating expired passwords, and the like.

Applications like login also need to know the user 's home directory,
shell, UID, GID, and other such things. Applications look up this
information by calling into libc 's NSS? subsystem. The set of sources
which libc uses for finding this information is specified in
/etc/nsswitch.conf. You most likely want to change these lines:

   passwd: files
   shadow: files
   group: files

to include "winbind ", like so:

   passwd: files winbind
   shadow: files winbind
   group: files winbind

HTH,

Nalin

? For more information on NSS, see the glibc documentation.