pam/winbind user not found problem
Gary Greene
greeneg at tolharadys.net
Wed Jul 15 17:01:19 UTC 2009
On 7/15/09 9:29 AM, "Landon M. Kelsey, III" <landonmkelsey at hotmail.com>
wrote:
> What is the best starter documentation on pam?
> Save me a web search!
>
> -----Original Message-----
> From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On
> Behalf Of Terry
> Sent: Wednesday, July 15, 2009 10:49 AM
> To: pam-list at redhat.com
> Subject: pam/winbind user not found problem
>
> Hello,
>
> Sorry for the generic subject. I am not sure how to classify the
> problem more accurately.
>
> I am running pam-0.99.6.2-4.el5 on RHEL 5.3. I have an application
> that uses pam. Out of the box, it has this configuration file in
> /etc/pam.d:
> #%PAM-1.0
> auth include system-auth
> account include system-auth
> password include system-auth
>
> My system auth contains this:
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_winbind.so use_first_pass
> auth required pam_deny.so
> account required pam_unix.so broken_shadow
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] pam_winbind.so
> account required pam_permit.so
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password sufficient pam_winbind.so use_authtok
> password required pam_deny.so
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel umask=077
>
> SSH authentication with active directory accounts works just fine.
> The usernames are formatted as DOMAIN+username. However, they do not
> work with this application for some reason. The developer claims that
> the formatting shouldn't be a problem with their app so I am double
> checking here. When I try to auth with the application, I get this
> in /var/log/secure:
>
> Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
> check pass; user unknown
> Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
> authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
> Jul 15 10:40:59 omadvdss01c DS-System[6827]:
> pam_succeed_if(dssystem:auth): error retrieving information about user
> DOMAIN+username
>
> Just to prove I can see that user, here is a 'getent passwd':
> DOMAIN+username:*:15000:15019:User Name:/home/DOMAIN/username:/bin/bash
>
> Any ideas?
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
You haven't got nscd running have you? If you do, turn it off. It causes
weird auth issues with Winbind.
--
Gary L. Greene, Jr.
==========================================================================
Developer and Project Lead for the AltimatOS open source project
Volunteer Developer for the KDE open source project
See http://www.altimatos.com/ and http://www.kde.org/ for more information
==========================================================================
Please avoid sending me Word or PowerPoint attachments.
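
An added example, not part of the original thread or of Linux-PAM: a simplified Python model of the `required`/`requisite`/`sufficient` control flags applied to the auth stack quoted above, showing that when the user lookup fails inside the calling process, the `requisite` pam_succeed_if.so line ends the stack before pam_winbind.so is tried, which matches the three log lines. The module stand-ins, the `evaluate` helper and the sample lookup tables are constructed for illustration; pam_unix.so is assumed to fail for a domain account.

```python
# Added example: toy evaluator for PAM control flags, not real PAM code.
USER = "DOMAIN+username"          # name and uid 15000 as shown in the thread

AUTH_STACK = [                    # auth lines from the quoted system-auth
    ("required",   "pam_env.so"),
    ("sufficient", "pam_unix.so"),
    ("requisite",  "pam_succeed_if.so"),   # uid >= 500 quiet
    ("sufficient", "pam_winbind.so"),
    ("required",   "pam_deny.so"),
]

def run_module(module, user, nss_users, winbind_users):
    """Constructed stand-ins for each module; True models PAM_SUCCESS."""
    if module == "pam_env.so":
        return True
    if module == "pam_unix.so":
        return False              # assumption: domain account, no local password
    if module == "pam_succeed_if.so":
        uid = nss_users.get(user) # models the passwd lookup done via NSS
        return uid is not None and uid >= 500
    if module == "pam_winbind.so":
        return user in winbind_users
    return False                  # pam_deny.so always fails

def evaluate(stack, user, nss_users, winbind_users):
    """Walk the stack; return (granted, list of modules actually called)."""
    called, failed = [], False
    for control, module in stack:
        called.append(module)
        ok = run_module(module, user, nss_users, winbind_users)
        if control == "requisite" and not ok:
            return False, called  # failure ends the stack immediately
        if control == "required" and not ok:
            failed = True         # failure is remembered, stack continues
        if control == "sufficient" and ok and not failed:
            return True, called   # success ends the stack immediately
    return not failed, called

if __name__ == "__main__":
    # Lookup works in the calling process (the sshd case in the thread).
    print(evaluate(AUTH_STACK, USER, {USER: 15000}, {USER}))
    # Lookup fails in the calling process (the application case).
    print(evaluate(AUTH_STACK, USER, {}, {USER}))
```
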