To build these files I copy the login pam file and made changes to system-auth and rename to smb-auth.And the PAM configuration is the same on both of these machines? What account modules are listed in /etc/pam.d/radius (or /etc/pam.d/radiusd?) on the machine that doesn't work?
Only the radius users need to authenticate in NT Domain.... local users are normal passwd/shadow users.
Here is the files you ask. They are the same file... In one moment I tar all the pam files from one machine that work to the broken one. But it is unsucessfull:
This is the server that works:
radiusd
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=smb-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=smb-auth
password required /lib/security/pam_stack.so service=smb-auth
session required /lib/security/pam_stack.so service=smb-auth
session optional /lib/security/pam_console.so
smb-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
this is the server that doesn't work
radiusd
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=smb-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=smb-auth
password required /lib/security/pam_stack.so service=smb-auth
session required /lib/security/pam_stack.so service=smb-auth
session optional /lib/security/pam_console.so
smb-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
TIA
Rodolfo
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
