|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Ongoing saga with Samba and AD
|
Stephen Gran had this to say:
> On Sun, Mar 28, 2010 at 12:35:59AM -0400, Mike Leone said:
>> Looks like it *should* be working - it's using kerberos, as I told
>> winbind to do; I see "request wbcLogonUser succeeded". I see "granted
>> access". Then I see the session closed. :-(
>>
>> I suppose this means that tomorrow, I concentrate on the
>> "common-ssession" parts of /etc/pam.d
>
> You want something like:
> auth sufficent pam_windbind.so
> auth required pam_unix.so try_first_pass
> in your pam config file.
# cat common-auth
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE debug
auth requisite pam_deny.so
auth required pam_permit.so
> What is the output of `getent passwd $user` ? I wonder if your shell is
> not set to an sh variant.
# getent passwd DACRIB+ldap-proxy
DACRIB+ldap-proxy:*:10006:10012:LDAP Proxy:/home/DACRIB:/bin/false
I suppose it's that "/bin/false" that's doing it? How can I change that,
only for my AD domain users? My local Linux users show "/bin/bash".
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|