Mailing List
Home
Linux - General Red Hat Linux discussion list
Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)
Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)
Installation - Getting started with Red Hat Linux
Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)
Red Hat Linux 8.0 - Discussion of Red Hat Linux 8.0 (Psyche)
Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)
Red Hat Linux 7.1 - Discussion of Red Hat Linux 7.1 (Seawolf)
Apache Web Server
Oracle database, Microsoft SQL server ...
Subjects
application/x mplayer2 plugin
RPM error: db4 error(16) from dbenv >remove: Device or resource
   busy
Command stream end of file while reading
X Windows problem (xauth)
Upgrading openoffice 1 1 rpm
FTP: connection refused
FTP: connection refused
mount: /dev/cdrom: is not a valid block device
Dell Precision 650, RedHat 9, no sound
how to trace the cause resulting in the crash of bind server
Virus on the list
UNINSTALL RPM MYSQL
usb pen drives: mounting as a user
broadcom network interface
make mrproper
sendmail configuration on redhat
Couldn 't open PID file /var/run/named/named pid Permission denied
Promise 378 controller
kernel 2 6 and /dev/sound/mixer not found
Problem using up2date
mrtg step by step howto/configuration for a newbie?
Compiling and Installing Kernel 2 6
Can 't locate module ppp0, can 't locate module ppp compress 21
HOW I CAN MAKE BOOTABLE FLOPPY DISKET
Lotus Notes under Wine
/etc/security/limits conf question
Intel E/1000 driver
Command stream end of file while reading
rpm database corrupt
qla2300 modules
 
Search:  
Power your search with and, or, +, -, or "some phrase" operators.
Active directory authenication via PAM in RedHat AS3

Active directory authenication via PAM in RedHat AS3

2003-10-29       - By shane@(protected)

 Back
Reply:     1     2     3     4     5  

On Tue, 28 Oct 2003, Nalin Dahyabhai wrote:

> Applications like login also need to know the user 's home directory,
> shell, UID, GID, and other such things. Applications look up this
> information by calling into libc 's NSS? subsystem. The set of sources
> which libc uses for finding this information is specified in
> /etc/nsswitch.conf. You most likely want to change these lines:
>
>    passwd: files
>    shadow: files
>    group: files
>
> to include "winbind ", like so:
>
>    passwd: files winbind
>    shadow: files winbind
>    group: files winbind
>

I was aware of this, I had only added winbind to passwd and group, but not
shadow. However I still am having problems logining in via ssh. wbinfo -u
and wbinfo -g reports what one would expect and I can login to a samba
share via my microsoft AD userid.

The only pam file I updated was /etc/pam.d/system-auth which contains:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
use_first_pass
auth required /lib/security/$ISA/pam_deny.so


account required /lib/security/$ISA/pam_winbind.so
account required /lib/security/$ISA/pam_unix.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_mkhomedir.so
skel=/etc/skel
session required /lib/security/$ISA/pam_unix.so

/var/log/messages reports:

Oct 28 22:19:39 ns4 pam_winbind[13084]: request failed: Unexpected
information received, PAM error was 4, NT error was
NT_STATUS_INVALID_PARAMETER
Oct 28 22:19:39 ns4 pam_winbind[13084]: internal module error (retval = 4,
user = `NOUSER '
Oct 28 22:19:39 ns4 sshd(pam_unix)[13084]: check pass; user unknown
Oct 28 22:19:39 ns4 sshd(pam_unix)[13084]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ns4.met-farm.vmmc.org

and /var/log/secure

Oct 28 22:19:37 ns4 sshd[13084]: Illegal user AD+spgsrs from 127.0.0.1
Oct 28 22:19:42 ns4 sshd[13084]: Failed password for illegal user
AD+spgsrs from 127.0.0.1 port 35594 ssh2

I must be missing something simple...