[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: pam/winbind user not found problem

What is the best starter documentation on pam?
Save me a web search!

-----Original Message-----
From: pam-list-bounces redhat com [mailto:pam-list-bounces redhat com] On
Behalf Of Terry
Sent: Wednesday, July 15, 2009 10:49 AM
To: pam-list redhat com
Subject: pam/winbind user not found problem


Sorry for the generic subject. I am not sure how to classify the
problem more accurately.

I am running pam- on RHEL 5.3.  I have an application
that uses pam.  Out of the box, it has this configuration file in
auth       include      system-auth
account    include      system-auth
password   include      system-auth

My system auth contains this:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel umask=077

SSH authentication with active directory accounts works just fine.
The usernames are formatted as DOMAIN+username.  However, they do not
work with this application for some reason.  The developer claims that
the formatting shouldn't be a problem with their app so I am double
checking here.   When I try to auth with the application, I get this
in /var/log/secure:

Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
check pass; user unknown
Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 15 10:40:59 omadvdss01c DS-System[6827]:
pam_succeed_if(dssystem:auth): error retrieving information about user

Just to prove I can see that user, here is a 'getent passwd':
DOMAIN+username:*:15000:15019:User Name:/home/DOMAIN/username:/bin/bash

Any ideas?

Pam-list mailing list
Pam-list redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]