I did not try the sufficient option with pam_winbind, that would in my mind stop it from continuing if it was able to qualify an account. I think that was the problem I had before. Without the sufficient option pam would qualify an account login then reject it from the local system.
I am going to try this right away. Thanks. On Thu, Oct 9, 2008 at 2:40 AM, Gustin Johnson <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Royce Souther wrote: > > Thanks for the link. I ordered the book but it will not be here for a > > few weeks. Learning PAM has been on my must do list for a very long time. > > > > I can post my PAM changes if you think looking at what I did may help to > > spot the problem. Any help would be greatly appreciated. > > > > For pam winbind the book suggests that winbind authentication is > followed by pam_unix (or pam_unix2) for local accounts. This should > allow root to always log in, even if the domain or network is down. > > auth required pam_nologin.so > auth sufficient pam_winbind.so > auth required pam_unix.so use_first_pass > > The book is a good read, and the section on AD integration is pretty > cool. Instead of vanilla LDAP, the example in the book uses samba, > winbind, kerberos and PAM. Pretty slick all told. > > If you want to post your pam changes (the complete files that you > changed) I can have a gander at them and hopefully spot something obvious. > > Hth, > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFI7cN+wRXgH3rKGfMRAvKAAJ4q+Kypi/gXcYnhNfHo3OhyGahcOQCggBX1 > 66EPb0tkUmnD3D5jxGS2oG0= > =MiTI > -----END PGP SIGNATURE----- > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying > -- http://www.Radados.org
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
