[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

trouble getting pam_smb to work with mod_auth_pam



Hi.

I'm trying to get apache to authenticate users against my remote NT
server.  The logs are telling me that NT is successfully authenticating
my test user but another log tells me that the user has expired.  I
believe expiration error is caused by an attempt to lookup the test user
in the password file on the web server.  the user does exist there but
shadow passwords are in use and apache does not have the needed access
to look at it. I don't want any user lookups to happen on the web server
at all, if that's possible.


here's my setup...

#/etc/pam_smb.conf
#######################
WORKGROUP
VPNNET
VPNNET
#######################

i have verified that pam_smb is working without the apache module.

#/etc/pam.d/httpd
################################################################
#%PAM-1.0
#[For version 1.0 syntax, the above header is optional]
#
# The PAM configuration file for the `httpd' service
#

auth       sufficient /lib/security/pam_smb_auth.so debug
################################################################


each time I try to authenticate via apache I get some errors in the
httpd and security log files.

#httpd log
[Tue Apr 10 19:04:55 2001] [error] access to /manual/ failed for 192.168.3.229, reason: User account has expired

#security log
Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Local UNIX username/password check incorrect.
Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Configuration Data, Primary VPNNET, Backup VPNNET, Domain WORKGROUP.
Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Correct NT username/password pair


so it looks like the local username/password lookup is causing an
authentication failure, even though pam_smb is succeeding.  What am I
doing wrong?  I know I must be doing something stupid.

Thanks for any help.

- Ben





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []