On Thu, 2003-06-19 at 09:02, Patrick Gunerud wrote:
> The only way I could get it to work was to have the following gdm pam
> config:
>
Excellent - I have successfully logged into GDM using W2K ADS.
Thanks for the assistance.
Brett Hales
> #%PAM-1.0
> auth requiredpam_env.so
> auth sufficient pam_winbind.so
> auth sufficient pam_unix.so use_first_pass
> auth requiredpam_stack.so service=system-auth
> auth requiredpam_nologin.so
> accountsufficient pam_winbind.so
> accountrequiredpam_stack.so service=system-auth
> password requiredpam_stack.so service=system-auth
> sessionrequired pam_mkhomedir.so skel=/etc/skel/ umask=0022
> sessionrequiredpam_stack.so service=system-auth
> sessionoptional pam_console.so
>
> That will allow gdm to authenticate the user, but it will not allow
> usernames with a + or \ separator so the way around that is to set the
> following option:
>
> winbind use default domain = yes
>
> that will allow loging in with just the username. The only problem
> occurs when you have a user from another domain that needs to login.
>
> Patrick
>
>
> Brett Hales wrote:
>
> >Hi,
> >
> >I am currently trying to set up a RedHat 9 Linux client to authenticate
> >against a Windows 2000 Active Directory server.
> >
> >Using the Winbind documentation I have successfully authenticated
> >however I now have a problem with gdm.
> >
> >Jun 18 12:18:48 jerry pam_winbind[1192]: user 'AU+Bhales' granted acces
> >Jun 18 12:18:48 jerry pam_winbind[1192]: user 'AU+Bhales' granted acces
> >Jun 18 12:18:49 jerry gdm(pam_unix)[1192]: session opened for user
> >AU+Bhales by (uid=0)
> >Jun 18 12:18:49 jerry gdm[1202]: gdm_slave_session_start: User not
> >allowed to log in
> >
> >Does anybody know why gdm_slave_session_start is not allowing me to
> >login when pam_winbind has already authenticated me?
> >
> >Thanks,
> >
> >
> >
--
Brett Hales <[EMAIL PROTECTED]>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
