Okay the false text error when opening a terminal no longer happens when I open a terminal but now I get the *Wrong password* text error when I su to root in an open terminal.
On Thu, Oct 9, 2008 at 4:29 PM, Royce Souther <[EMAIL PROTECTED]> wrote: > I removed the system from the domain and rejoined the domain and now the > error popup says Wrong password but still lets me in and the error when I > open a terminal is gone. I may have joined to a different server before but > I still have the problem of a false popup. > > > > On Thu, Oct 9, 2008 at 2:49 PM, Royce Souther <[EMAIL PROTECTED]> wrote: > >> This almost works >> *# /etc/pam.d/common-auth >> auth required pam_mount.so >> auth required pam_group.so use_first_pass >> auth required pam_nologin.so >> auth sufficient pam_winbind.so use_first_pass >> auth sufficient pam_unix.so use_first_pass nullok_secure >> * >> The local admin account can login, network user accounts can login and >> they get their home directories mounted correctly, also invalid accounts >> cannot login. >> >> There is just one small problem. Every time someone logins in they get an >> Access Denied popuup in GDM and the same text message when they open a >> terminal program. >> >> I did not modify the /etc/pam.d/login file and I am thinking that could be >> causing this error at GDM login and terminal start up. Does your book say >> that I need to modify the /etc/pam.d/login file? Or do you have an idea why >> I get this error? From what I can tell so far everything is working as >> expected, except for that popup. >> >> >> >> On Thu, Oct 9, 2008 at 9:00 AM, Royce Souther <[EMAIL PROTECTED]> wrote: >> >>> I did not try the sufficient option with pam_winbind, that would in my >>> mind stop it from continuing if it was able to qualify an account. I think >>> that was the problem I had before. Without the sufficient option pam would >>> qualify an account login then reject it from the local system. >>> >>> I am going to try this right away. Thanks. >>> >>> >>> On Thu, Oct 9, 2008 at 2:40 AM, Gustin Johnson <[EMAIL PROTECTED]>wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Royce Souther wrote: >>>> > Thanks for the link. I ordered the book but it will not be here for a >>>> > few weeks. Learning PAM has been on my must do list for a very long >>>> time. >>>> > >>>> > I can post my PAM changes if you think looking at what I did may help >>>> to >>>> > spot the problem. Any help would be greatly appreciated. >>>> > >>>> >>>> For pam winbind the book suggests that winbind authentication is >>>> followed by pam_unix (or pam_unix2) for local accounts. This should >>>> allow root to always log in, even if the domain or network is down. >>>> >>>> auth required pam_nologin.so >>>> auth sufficient pam_winbind.so >>>> auth required pam_unix.so use_first_pass >>>> >>>> The book is a good read, and the section on AD integration is pretty >>>> cool. Instead of vanilla LDAP, the example in the book uses samba, >>>> winbind, kerberos and PAM. Pretty slick all told. >>>> >>>> If you want to post your pam changes (the complete files that you >>>> changed) I can have a gander at them and hopefully spot something >>>> obvious. >>>> >>>> Hth, >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1.4.6 (GNU/Linux) >>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >>>> >>>> iD8DBQFI7cN+wRXgH3rKGfMRAvKAAJ4q+Kypi/gXcYnhNfHo3OhyGahcOQCggBX1 >>>> 66EPb0tkUmnD3D5jxGS2oG0= >>>> =MiTI >>>> -----END PGP SIGNATURE----- >>>> >>>> _______________________________________________ >>>> clug-talk mailing list >>>> [email protected] >>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca >>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) >>>> **Please remove these lines when replying >>>> >>> >>> >>> >>> -- >>> http://www.Radados.org >>> >> >> >> >> -- >> http://www.Radados.org >> > > > > -- > http://www.Radados.org > -- http://www.Radados.org
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
