The only way I could get it to work was to have the following gdm pam config:

#%PAM-1.0
auth       required    pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass
auth       required    pam_stack.so service=system-auth
auth       required    pam_nologin.so
account    sufficient   pam_winbind.so
account    required    pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    required    pam_stack.so service=system-auth
session    optional     pam_console.so

That will allow gdm to authenticate the user, but it will not allow usernames with a + or \ separator, so the way around that is to set the following option:

winbind use default domain = yes

That will allow logging in with just the username. The only problem occurs when you have a user from another domain that needs to log in.

Patrick


Brett Hales wrote:


Hi,

I am currently trying to set up a RedHat 9 Linux client to authenticate
against a Windows 2000 Active Directory server.

Using the Winbind documentation I have successfully authenticated
however I now have a problem with gdm.

Jun 18 12:18:48 jerry pam_winbind[1192]: user 'AU+Bhales' granted acces
Jun 18 12:18:48 jerry pam_winbind[1192]: user 'AU+Bhales' granted acces
Jun 18 12:18:49 jerry gdm(pam_unix)[1192]: session opened for user AU+Bhales by (uid=0)
Jun 18 12:18:49 jerry gdm[1202]: gdm_slave_session_start: User not allowed to log in

Does anybody know why gdm_slave_session_start is not allowing me to
log in when pam_winbind has already authenticated me?

Thanks,
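
An added example, not part of the original messages: a small Python model of how PAM's required/requisite/sufficient/optional control flags evaluate the gdm stack quoted in the reply above, showing which modules are never consulted once pam_winbind.so succeeds. The function names and the module outcomes are constructed for illustration, and only the auth and account lines are modelled.

```python
# Added example: simplified model of PAM control flags (required, requisite,
# sufficient, optional). Bracketed [value=action] controls are not modelled.
GDM_PAM = """\
#%PAM-1.0
auth       required    pam_env.so
auth       sufficient  pam_winbind.so
auth       sufficient  pam_unix.so use_first_pass
auth       required    pam_stack.so service=system-auth
auth       required    pam_nologin.so
account    sufficient  pam_winbind.so
account    required    pam_stack.so service=system-auth
"""

def parse(text):
    """Return (type, control, module) tuples, ignoring comments and blanks."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            stack.append(tuple(fields[:3]))
    return stack

def evaluate(stack, mtype, outcomes):
    """Walk one management group; return (granted, consulted, skipped).

    outcomes maps module name -> True/False; unlisted modules succeed.
    """
    entries = [e for e in stack if e[0] == mtype]
    failed, consulted = False, []
    for i, (_, control, module) in enumerate(entries):
        consulted.append(module)
        ok = outcomes.get(module, True)
        rest = [e[2] for e in entries[i + 1:]]
        if ok and control == "sufficient" and not failed:
            return True, consulted, rest    # stack stops here
        if not ok and control == "requisite":
            return False, consulted, rest
        if not ok and control == "required":
            failed = True                    # remembered, stack continues
    return not failed, consulted, []

if __name__ == "__main__":
    stack = parse(GDM_PAM)
    # Constructed scenario: a domain user whose winbind authentication succeeds.
    for group in ("auth", "account"):
        granted, consulted, skipped = evaluate(stack, group, {"pam_winbind.so": True})
        print(group, "granted" if granted else "denied",
              "| consulted:", consulted, "| never reached:", skipped)
```

In this stack pam_nologin.so and the system-auth account checks are never reached once pam_winbind.so succeeds. Placing such required checks above the sufficient lines makes them apply to domain users as well.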




