Re: [suse-security] pam_winbind problem ...User not known to the underlying authentication module
Message-ID: <REfBP6x3toMX1dymaz5YdCk=lge@web.de> Reply-To: In-Reply-To: <200403121253.58396.mfeilner@feilner-it.net> / 2004-03-12 13:05:33 +0100 \ Markus Feilner:
Hello List, I have successfully integrated samba 3 to ADS Domain, and now i want to allow domain-users to access services on my linux box. For testing i chose /etc/pam.d/login and tried to allow ADS Users access to the console. But i always get the following errors:
Mar 12 12:45:59 cuba90 pam_winbind[9011]: user 'r-ermer+mfeilner' granted acces Mar 12 12:45:59 cuba90 login[9011]: User not known to the underlying authentication module
guessing only: it might be that the "not known" error comes from pam_mkhomedir Lars Ellenberg
r-ermer is the correct domain, user is auth'd correctly, but no access is given. Why? I do not understand the second error, about User not known ... . Here is my /etc/pam.d/login:
#%PAM-1.0 auth required pam_securetty.so auth required pam_env.so auth sufficient pam_unix2.so nullok auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so auth required pam_nologin.so account sufficient pam_winbind.so account required pam_unix2.so password required pam_pwcheck.so nullok #password required pam_unix2.so nullok use_first_pass use_authtok session sufficient pam_unix2.so none # debug or trace session sufficient pam_limits.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
I am running SuSE 9.0, and i remember that this used to work with an NT domain under SuSE 8.0 - but what did I do wrong? Thanks!!!
Am Freitag, 12. März 2004 15:35 schrieb Lars Ellenberg:
Message-ID: <REfBP6x3toMX1dymaz5YdCk=lge@web.de> Reply-To: In-Reply-To: <200403121253.58396.mfeilner@feilner-it.net>
/ 2004-03-12 13:05:33 +0100
\ Markus Feilner:
Hello List, I have successfully integrated samba 3 to ADS Domain, and now i want to allow domain-users to access services on my linux box. For testing i chose /etc/pam.d/login and tried to allow ADS Users access to the console. But i always get the following errors:
Mar 12 12:45:59 cuba90 pam_winbind[9011]: user 'r-ermer+mfeilner' granted acces Mar 12 12:45:59 cuba90 login[9011]: User not known to the underlying authentication module
guessing only: it might be that the "not known" error comes from pam_mkhomedir
Why? Nope. I commented that line out and tried again - nothing!) I found comments about winbind-nscd problems... might that be relevant
Lars Ellenberg
r-ermer is the correct domain, user is auth'd correctly, but no access is given. Why? I do not understand the second error, about User not known ... . Here is my /etc/pam.d/login:
#%PAM-1.0 auth required pam_securetty.so auth required pam_env.so auth sufficient pam_unix2.so nullok auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so auth required pam_nologin.so account sufficient pam_winbind.so account required pam_unix2.so password required pam_pwcheck.so nullok #password required pam_unix2.so nullok use_first_pass use_authtok session sufficient pam_unix2.so none # debug or trace session sufficient pam_limits.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
I am running SuSE 9.0, and i remember that this used to work with an NT domain under SuSE 8.0 - but what did I do wrong? Thanks!!!
-- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net
participants (2)
-
Lars Ellenberg -
Markus Feilner