I removed the system from the domain and rejoined the domain, and now the
error popup says "Wrong password" but still lets me in, and the error when I
open a terminal is gone. I may have joined to a different server before, but
I still have the problem of a false popup.


On Thu, Oct 9, 2008 at 2:49 PM, Royce Souther <[EMAIL PROTECTED]> wrote:

> This almost works
> # /etc/pam.d/common-auth
> auth required pam_mount.so
> auth required pam_group.so use_first_pass
> auth required pam_nologin.so
> auth sufficient pam_winbind.so use_first_pass
> auth sufficient pam_unix.so use_first_pass nullok_secure
>
> The local admin account can login, network user accounts can login and they
> get their home directories mounted correctly, also invalid accounts cannot
> login.
>
> There is just one small problem. Every time someone logs in they get an
> Access Denied popup in GDM and the same text message when they open a
> terminal program.
>
> I did not modify the /etc/pam.d/login file and I am thinking that could be
> causing this error at GDM login and terminal start up. Does your book say
> that I need to modify the  /etc/pam.d/login file? Or do you have an idea why
> I get this error? From what I can tell so far everything is working as
> expected, except for that popup.
>
>
>
> On Thu, Oct 9, 2008 at 9:00 AM, Royce Souther <[EMAIL PROTECTED]> wrote:
>
>> I did not try the sufficient option with pam_winbind, that would in my
>> mind stop it from continuing if it was able to qualify an account. I think
>> that was the problem I had before. Without the sufficient option pam would
>> qualify an account login then reject it from the local system.
>>
>> I am going to try this right away. Thanks.
>>
>>
>> On Thu, Oct 9, 2008 at 2:40 AM, Gustin Johnson <[EMAIL PROTECTED]> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Royce Souther wrote:
>>> > Thanks for the link. I ordered the book but it will not be here for a
>>> > few weeks. Learning PAM has been on my must do list for a very long
>>> > time.
>>> >
>>> > I can post my PAM changes if you think looking at what I did may help
>>> > to spot the problem. Any help would be greatly appreciated.
>>> >
>>>
>>> For pam winbind the book suggests that winbind authentication is
>>> followed by pam_unix (or pam_unix2) for local accounts.  This should
>>> allow root to always log in, even if the domain or network is down.
>>>
>>> auth required pam_nologin.so
>>> auth sufficient pam_winbind.so
>>> auth required pam_unix.so use_first_pass
>>>
>>> The book is a good read, and the section on AD integration is pretty
>>> cool.  Instead of vanilla LDAP, the example in the book uses samba,
>>> winbind, kerberos and PAM.  Pretty slick all told.
>>>
>>> If you want to post your pam changes (the complete files that you
>>> changed) I can have a gander at them and hopefully spot something
>>> obvious.
>>>
>>> Hth,
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>>
>>> iD8DBQFI7cN+wRXgH3rKGfMRAvKAAJ4q+Kypi/gXcYnhNfHo3OhyGahcOQCggBX1
>>> 66EPb0tkUmnD3D5jxGS2oG0=
>>> =MiTI
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> clug-talk mailing list
>>> [email protected]
>>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>>> **Please remove these lines when replying
>>>
>>
>>
>>
>> --
>> http://www.Radados.org
>>
>
>
>
> --
> http://www.Radados.org
>



-- 
http://www.Radados.org
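
Added example, not part of the original thread: a simplified Python model of how Linux-PAM combines `required` and `sufficient` results, applied to the three-line stack quoted above and to an assumed variant in which pam_winbind.so is marked `required`. The per-module outcomes for each login are constructed inputs, not output from a real system, and the model leaves out `optional`, bracket syntax and PAM_IGNORE.

```python
# Simplified model of how Linux-PAM combines module results in one auth stack.
# Handles required / requisite / sufficient with plain pass-or-fail results.

def evaluate(stack, results):
    """stack: [(control, module)]; results: {module: True/False}.
    Returns (granted, modules_called)."""
    required_failed = False
    any_success = False
    called = []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "sufficient":
            # Success ends the stack only if no earlier required module
            # failed; failure of a sufficient module is ignored.
            if ok and not required_failed:
                return True, called
        elif control in ("required", "requisite"):
            if ok:
                any_success = True
            else:
                required_failed = True
                if control == "requisite":
                    break  # requisite stops the stack on failure
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return (any_success and not required_failed), called

# Stack quoted in the thread.
SUGGESTED = [("required", "pam_nologin.so"),
             ("sufficient", "pam_winbind.so"),
             ("required", "pam_unix.so")]
# Assumed variant for comparison: every module marked required.
ALL_REQUIRED = [("required", module) for _, module in SUGGESTED]

# Constructed module outcomes for three logins.
N, W, U = "pam_nologin.so", "pam_winbind.so", "pam_unix.so"
SCENARIOS = {
    "domain_user": {N: True, W: True, U: False},       # no local account
    "root_domain_down": {N: True, W: False, U: True},  # winbind unreachable
    "bad_password": {N: True, W: False, U: False},
}

if __name__ == "__main__":
    for name, outcome in SCENARIOS.items():
        for label, stack in (("suggested", SUGGESTED), ("all required", ALL_REQUIRED)):
            granted, called = evaluate(stack, outcome)
            print(f"{name:17} {label:13} granted={granted} called={called}")
```
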