Mike Leone on 28 Mar 2010 09:11:40 -0700 |
Ben Love had this to say: > Adding try_first_pass or use_first_pass will probably fix your multiple > password problem. We don't have that though, so I'm not sure why that's > different for you. I'll give that a shot. > As for the order, you probably want pam_unix first, because local > password lookups are probably faster than network lookups. Just make > sure whichever one is first has the success=2. The <integer> means skip > the next <integer> modules. Namely, on success you want to skip the > pam_deny module. AH. A bit of fog lifts ... >>> What is the output of `getent passwd $user` ? I wonder if your shell is >>> not set to an sh variant. >> # getent passwd DACRIB+ldap-proxy >> DACRIB+ldap-proxy:*:10006:10012:LDAP Proxy:/home/DACRIB:/bin/false >> >> I suppose it's that "/bin/false" that's doing it? How can I change that, >> only for my AD domain users? My local Linux users show "/bin/bash". > > So, your logins are successful. The shell just exits immediately and > the user logs out! It looks like you need "template shell = /bin/bash" > in your smb.conf file. (At least that's what Google tells me.) And it just told me the same. And that works! I was able to login. WooHoo! :-) DACRIB+ldap-proxy@workhorse:~$ pwd /home/DACRIB/ldap-proxy DACRIB+ldap-proxy@workhorse:~$ So huge progress! I will try tweaking the "common-auth" as suggested. Later, I will try other things like login scripts and such. Maybe I will try to change the smb.conf to not require the domain name; that would be much cleaner. I just left it that way, to make sure the local users and domain users stood out visually from each other. I'm sure there are other things to play with. Good practice and knowledge (maybe) for use at work. I learned postfix at home the same way, and used it at work for like 4 years. Thanks everyone for the help. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|