This almost works
# /etc/pam.d/common-auth
auth required pam_mount.so
auth required pam_group.so use_first_pass
auth required pam_nologin.so
auth sufficient pam_winbind.so use_first_pass
auth sufficient pam_unix.so use_first_pass nullok_secure

The local admin account can log in, network user accounts can log in and they
get their home directories mounted correctly, also invalid accounts cannot
log in.

There is just one small problem. Every time someone logs in they get an
Access Denied popup in GDM and the same text message when they open a
terminal program.

I did not modify the /etc/pam.d/login file and I am thinking that could be
causing this error at GDM login and terminal start up. Does your book say
that I need to modify the /etc/pam.d/login file? Or do you have an idea why
I get this error? From what I can tell so far everything is working as
expected, except for that popup.


On Thu, Oct 9, 2008 at 9:00 AM, Royce Souther <[EMAIL PROTECTED]> wrote:

> I did not try the sufficient option with pam_winbind, that would in my mind
> stop it from continuing if it was able to qualify an account. I think that
> was the problem I had before. Without the sufficient option pam would
> qualify an account login then reject it from the local system.
>
> I am going to try this right away. Thanks.
>
>
> On Thu, Oct 9, 2008 at 2:40 AM, Gustin Johnson <[EMAIL PROTECTED]> wrote:
>
>> Royce Souther wrote:
>> > Thanks for the link. I ordered the book but it will not be here for a
>> > few weeks. Learning PAM has been on my must do list for a very long
>> > time.
>> >
>> > I can post my PAM changes if you think looking at what I did may help to
>> > spot the problem. Any help would be greatly appreciated.
>> >
>>
>> For pam winbind the book suggests that winbind authentication is
>> followed by pam_unix (or pam_unix2) for local accounts.  This should
>> allow root to always log in, even if the domain or network is down.
>>
>> auth required pam_nologin.so
>> auth sufficient pam_winbind.so
>> auth required pam_unix.so use_first_pass
>>
>> The book is a good read, and the section on AD integration is pretty
>> cool.  Instead of vanilla LDAP, the example in the book uses samba,
>> winbind, kerberos and PAM.  Pretty slick all told.
>>
>> If you want to post your pam changes (the complete files that you
>> changed) I can have a gander at them and hopefully spot something obvious.
>>
>> Hth,
>>
>> _______________________________________________
>> clug-talk mailing list
>> [email protected]
>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>> **Please remove these lines when replying
>>
>
>
>
> --
> http://www.Radados.org
>



-- 
http://www.Radados.org
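
Added example, not part of the original thread: a simplified Python model of how Linux-PAM combines control flags, run on the three-line stack quoted from the book with pam_winbind.so marked required versus sufficient. The per-module results for each login attempt are constructed assumptions, not output captured from a real host.

```python
# Simplified model of how Linux-PAM combines control flags in one auth stack.
# Per-module outcomes are constructed inputs; no real PAM module is called.
OK, FAIL, IGNORE = "success", "failure", "ignore"

def run_stack(stack, outcomes):
    """stack: [(control, module)] in file order; outcomes: module -> result."""
    verdict = None                       # None: nothing has decided yet
    for control, module in stack:
        result = outcomes[module]
        if result == IGNORE:
            continue
        if control == "sufficient":
            # Success ends the stack unless a required module already failed;
            # failure of a sufficient module is ignored.
            if result == OK and verdict is not False:
                return True
        elif control in ("required", "requisite"):
            if result != OK:
                if control == "requisite":
                    return False         # requisite fails immediately
                verdict = False          # required: keep going, but fail
            elif verdict is None:
                verdict = True
        elif control == "optional":
            if result == OK and verdict is None:
                verdict = True
        else:
            raise ValueError("unsupported control flag: " + control)
    return verdict is True               # a stack where nothing decided is denied

def stack_with(winbind_control):
    """The book's stack, with the pam_winbind.so control flag as a parameter."""
    return [("required", "pam_nologin.so"),
            (winbind_control, "pam_winbind.so"),
            ("required", "pam_unix.so")]

# Constructed login attempts (assumed module results for each kind of account).
SCENARIOS = {
    "domain user": {"pam_nologin.so": OK, "pam_winbind.so": OK, "pam_unix.so": FAIL},
    "local root, domain down": {"pam_nologin.so": OK, "pam_winbind.so": FAIL, "pam_unix.so": OK},
    "unknown user": {"pam_nologin.so": OK, "pam_winbind.so": FAIL, "pam_unix.so": FAIL},
}

def evaluate(winbind_control):
    stack = stack_with(winbind_control)
    return {name: run_stack(stack, res) for name, res in SCENARIOS.items()}

if __name__ == "__main__":
    for control in ("required", "sufficient"):
        print(control, evaluate(control))
```

With pam_winbind.so required, every attempt is denied because each account exists in only one of the two databases; with sufficient, the domain user and local root are accepted and the unknown user is still denied.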