Mike Leone on 28 Mar 2010 09:11:40 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Ongoing saga with Samba and AD

Ben Love had this to say:

> Adding try_first_pass or use_first_pass will probably fix your multiple
> password problem.  We don't have that though, so I'm not sure why that's
> different for you.

I'll give that a shot.

> As for the order, you probably want pam_unix first, because local
> password lookups are probably faster than network lookups.  Just make
> sure whichever one is first has the success=2.  The <integer> means skip
> the next <integer> modules.  Namely, on success you want to skip the
> pam_deny module.

AH. A bit of fog lifts ...

>>> What is the output of `getent passwd $user` ?  I wonder if your shell is
>>> not set to an sh variant.
>> # getent passwd DACRIB+ldap-proxy
>> DACRIB+ldap-proxy:*:10006:10012:LDAP Proxy:/home/DACRIB:/bin/false
>> I suppose it's that "/bin/false" that's doing it? How can I change that, 
>> only for my AD domain users? My local Linux users show "/bin/bash".
> So, your logins are successful.  The shell just exits immediately and
> the user logs out!  It looks like you need "template shell = /bin/bash"
> in your smb.conf file.  (At least that's what Google tells me.)

And it just told me the same. And that works! I was able to login. 
WooHoo! :-)

DACRIB+ldap-proxy@workhorse:~$ pwd

So huge progress! I will try tweaking the "common-auth" as suggested.

Later, I will try other things like login scripts and such. Maybe I will 
  try to change the smb.conf to not require the domain name; that would 
be much cleaner. I just left it that way, to make sure the local users 
and domain users stood out visually from each other. I'm sure there are 
other things to play with. Good practice and knowledge (maybe) for use 
at work. I learned postfix at home the same way, and used it at work for 
like 4 years.

Thanks everyone for the help.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug