After days of reading documentation and searching, I finally have a RedHat Linux machine authenticating users to a Windows 2000 Server running Active Directory, using Kerberos. After installing pam_krb5, I can even /bin/su - user and use the correct password for the AD machine and get a shell prompt. However, the login function is broken. Whenever I attempt to login via telnet or simply the 'login' program, I get rejected with a 'Session setup problem, abort.' Checking /var/log/messages gives this:

Jun 11 15:42:33 bach login[24922]: pam_krb5: authentication succeeds for `joe'
Jun 11 15:42:33 bach login[24922]: initgroups: Operation not permitted

What does that second line indicate is at fault? I am apparently getting through to the AD server, just not letting me login. For reference, I have attached below my /etc/pam.d/login, /etc/pam.d/su, and the messages from when I /bin/su into the user account (which does give me a shell prompt). Any help would be greatly appreciated.

TIA,
-- Matt Lesko

From /var/log/messages (after successful /bin/su - user):

Jun 11 15:45:48 bach su[24927]: pam_krb5: authentication succeeds for `joe'
Jun 11 15:45:48 bach su[24927]: pam_krb5: `Operation not permitted' setting owner of ccache
Jun 11 15:45:48 bach su(pam_unix)[24927]: session opened for user joe by matt(uid=500)

/etc/pam.d/su:

auth sufficient /lib/security/pam_unix.so shadow md5 nullok likeauth
auth required /lib/security/pam_krb5.so use_first_pass
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_unix.so shadow md5 use_authtok nullok
session optional /lib/security/pam_krb5.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_xauth.so

/etc/pam.d/login:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow md5 nullok likeauth
auth required /lib/security/pam_krb5.so use_first_pass
account sufficient /lib/security/pam_krb5.so use_first_pass debug
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so shadow md5 nullok use_authtok
password required /lib/security/pam_krb5.so
session sufficient /lib/security/pam_unix.so
session required /lib/security/pam_krb5.so
session optional /lib/security/pam_console.so

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
