Henry Burroughs hburroughs at HHPREP.ORG
Thu Sep 16 19:22:08 UTC 2004

Background: On this server, I am getting my user information via LDAP,
and I am authenticating via Kerberos to my Active Directory domain.  I
am also using the pam_mkhomedir setup so I don't have to create
directories anymore (yay!!!).  I've put it into /etc/pam.d/system-auth
which takes care of ssh, gdm, and theoretically Samba share mounts
(somebody correct me right here if I am wrong... my users' shares will
be on this server, some are now, and I want the shares to be created
when they connect via Windows version blah blah).

Now, the pam_mkhomedir was not working for Samba, so I turned on the
"obey pam restrictions = yes" in my smb.conf file.  Now, users cannot
mount their directories at all (Samba/PAM seems to get hung up on the
ACCOUNT directives in PAM), and I get messages like
"smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
<username>!" in my /var/log/messages file.  I've done some googling on
this, and is something in my configuration not correct (but gdm, ssh
work perfectly, so PAM is happy)... should I try another ACCOUNT
directive (other than ACCOUNT required pam_stack.so
service=system-auth), because it doesn't like it when I disable that

This is about the only problem I have to finish rolling out my server
(except for writing a script to add unix UIDs and other info to 400
users in AD so they can log in in the first place).

Henry Burroughs
