problems with pam_localuser.so

Taylor Lewick taylor.lewick at gmail.com
Fri Dec 11 16:31:03 UTC 2009


We have two types of servers we are supporting in production.

Suse 10.2 and Suse 11.0

We have a setup where our Linux servers are integrated with Active Directory
via samba/winbind/kerberos.
So local Linux accounts authenticate normally, and domain accounts go
against AD.

We had a situation where we have an AD account that we also want to be a
local-only Linux account.
So we configured PAM with the pam_localuser.so module to check if the
account is local to the system, and if so, skip the domain login.

This is accomplished by the following in common-password:

password    [default=ignore success=1] pam_localuser.so
password sufficient     pam_winbind.so
password required       pam_unix2.so    nullok

This works great on the 11.0 servers.  When we tried this on the 10.2
servers, entering password only brings up the NT option to change password.

On the 10.2 server, when we try and run passwd to test changing local system
passwd, in /var/log/messages I see:
PAM unable to resolve symbol: pam_sm_chauthtok

If I remove the pam_localuser.so then I no longer see the pam_sm_chauthtok
messages, but I also can't get the passwd command to change the account password
locally for the account that is AD and local.

Any ideas on how to fix or work-around?
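
An added example, not part of the original post: a simplified single-pass model of how Linux-PAM walks the password stack quoted above, showing which module ends up handling the change when pam_localuser.so succeeds, denies a non-local user, or lacks pam_sm_chauthtok. Treating the missing function as a "module_unknown" return that falls under default=ignore is an assumption based on Linux-PAM's dispatch behaviour; the return-code names and result dictionaries are constructed.

```python
# Added example: simplified model of Linux-PAM stack dispatch (one pass only).
import re

# Constructed copy of the password stack from the post.
STACK = """\
password    [default=ignore success=1] pam_localuser.so
password sufficient     pam_winbind.so
password required       pam_unix2.so    nullok
"""

LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")

def parse(text):
    """Return [(control, module)] for each rule line."""
    return [m.group(2, 3) for m in map(LINE.match, text.splitlines()) if m]

def actions(control):
    """Map a control field to {return_code: action}."""
    if control.startswith("["):
        return dict(kv.split("=") for kv in control[1:-1].split())
    if control == "sufficient":
        return {"success": "done", "default": "ignore"}
    if control == "required":
        return {"success": "ok", "default": "bad"}
    raise ValueError(control)

def walk(stack, results):
    """Return (modules consulted, module that ended the stack or None).

    results maps module -> return code name. Assumption: a module that
    lacks the service function is modelled as returning "module_unknown".
    """
    consulted, skip = [], 0
    for control, module in stack:
        if skip:
            skip -= 1            # this module was jumped over
            continue
        consulted.append(module)
        acts = actions(control)
        act = acts.get(results[module], acts["default"])
        if act.isdigit():
            skip = int(act)      # success=1: jump over the next module
        elif act == "done":
            return consulted, module
    return consulted, None
```

In this model a pam_localuser.so without pam_sm_chauthtok never reaches the success=1 jump, so every account, local or not, is offered to pam_winbind.so first.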