On Tue, 31 Jul 2007 07:44:38 +0200 Anders Trobäck <[EMAIL PROTECTED]> wrote:
> On Mon, 30 Jul 2007 15:44:14 +0200 > Anders Trobäck <[EMAIL PROTECTED]> wrote: > > > On Mon, 30 Jul 2007 14:17:37 +0100 > > Stroller <[EMAIL PROTECTED]> wrote: > > > > > > > > On 30 Jul 2007, at 12:07, Anders Trobäck wrote: > > > > ... > > > > However, I did add the winbind to the system-auth like this: > > > > auth required pam_env.so > > > > auth sufficient /lib/security/pam_winbind.so > > > > auth sufficient pam_unix.so use_first_pass likeauth > > > > nullok > > > > > > > > account required pam_unix.so > > > > > > > > password sufficient pam_winbind.so > > > > password required pam_cracklib.so difok=2 minlen=8 > > > > dcredit=2 ocredit=2 retry=3 > > > > password sufficient pam_unix.so nullok md5 shadow use_authtok > > > > password required pam_deny.so > > > > > > > > session required pam_limits.so > > > > session required pam_unix.so > > > > > > > > > > > > Now I can ssh to the box but I as soon as I are logged on I'm > > > > kicked off! > > > > > > Do the winbind users have a shell & homedir? > > > > > > I'm afraid I can't recall how the shell is defined for them, but > > > I use pam_mkhomedir for the latter. I have always used > > > courier-imap at home, but it doesn't use a pam session, required > > > for pam_mkhomedir, so chose Dovecot IMAP for this office. I'm > > > pretty sure that ssh works fine with pam_mkhomedir, tho'. > > > > > > Stroller. > > > > > > > Yes the have home folders. I think that you set the shell with > > "template shell" in smb.conf!(?) > > > > Now it's working! It was file permissions, the home folder was set to > 770 but if I chmod to 750 it worked! > > Thanks for your time!!! > > > \\troback > Hmmm...spoke to early:-] Well I can logon but if I enter a blank/wrong password I can logon anyway! Here are my /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass likeauth nullok account required pam_unix.so account sufficient pam_winbind.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 ret ry=3 password sufficient pam_winbind.so password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so -- ============================================ Microsoft is not the answer. Microsoft is the question. And 'No' is the answer! -------------------------------------------- Anders Trobäck http://www.troback.com -- [EMAIL PROTECTED] mailing list