Not sure if with AD you should use pam_ldap or pam_winbind, but here
is my config (you should join the domain before):

/etc/nsswitch.conf (just the relevant lines)

passwd: compat winbind
group: compat winbind

/etc/pam.d/sshd

#%PAM-1.0
auth required pam_unix2.so # set_secrpc
auth required pam_nologin.so
auth required pam_env.so
account required pam_unix2.so
account required pam_nologin.so
password required pam_pwcheck.so
password required pam_unix2.so use_first_pass use_authtok
session optional pam_mkhomedir.so
session required pam_unix2.so none # trace or debug
session required pam_limits.so

/etc/pam.d/login

#%PAM-1.0
auth requisite pam_unix2.so nullok #set_secrpc
auth required pam_securetty.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_mail.so
account required pam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session optional pam_mkhomedir.so
session required pam_unix2.so none # debug or trace
session required pam_limits.so
session required pam_resmgr.so

/etc/security/pam_unix2.conf

auth: call_modules=winbind
account: call_modules=winbind
password:
session: none

Hope it helps you
On Fri, 4 Feb 2005 20:15:51 +0100, Markus Feilner
On Tuesday, 18 January 2005 04:47, Ciro Iriarte wrote:
Thanks a lot, that solved the problem, just copied some parts of my old config and didn't check the rest!!
Could you please post (or send me, if you don't like to publish them ;-) ) the relevant pam.d files? I try the same with ADS, but I didn't get shell login with autocreation of Homedirs to work flawlessly (main error was: User not known to the underlying authentication module). Thanks!
On Sat, 15 Jan 2005 22:20:55 +0100, Christian Boltz wrote:
Hello,
On Saturday, 15 January 2005 11:13, Ciro Iriarte wrote:
BUT, I'm having a little problem with sudo, any time an nt-domain-user runs it, sudo prompts for password (as it should), but it never accepts it!!
Have a look at your sudo configuration ("visudo"). Is the targetpw option set? If yes, the _root_ password is expected.
Regards,
Christian Boltz -- No trees were killed in the sending of this message. However a large number of electrons were terribly inconvenienced.
-- With kind regards, Markus Feilner --------------------------- Please note our new address details! Thank you. --------------------------- Feilner IT Linux & GIS Linux Solutions, Training, Seminars and Workshops - also in-house Beraiterweg 4 93047 Regensburg phone +49 941 9465243 fax +49 941 9465244 mobile + +49 170 3027092 mail mfeilner@feilner-it.net web http://www.feilner-it.net
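
A small consistency check for the winbind wiring in the configuration posted at the top of this thread, as an added example that is not part of the original messages: it verifies that nsswitch.conf, pam_unix2.conf and a pam.d service file agree with each other. The function names and sample strings are constructed for illustration, and reading call_modules as a comma-separated list is an assumption.

```python
"""Consistency check for the winbind wiring shown in this thread (added example)."""

def _lines(text):
    # Strip comments (including the '#%PAM-1.0' header) and blank lines.
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def parse_keyed(text):
    """'key: a b c' lines -> {'key': ['a', 'b', 'c']} (nsswitch.conf, pam_unix2.conf)."""
    return {k.strip(): v.split() for k, v in
            (l.split(":", 1) for l in _lines(text) if ":" in l)}

def call_modules(options):
    """Modules named in a 'call_modules=a,b' option (comma list is an assumption)."""
    return {m for o in options if o.startswith("call_modules=")
            for m in o.split("=", 1)[1].split(",") if m}

def check(nsswitch, unix2_conf, pam_service):
    """Return a list of problems; an empty list means the three files agree."""
    problems = []
    ns, u2 = parse_keyed(nsswitch), parse_keyed(unix2_conf)
    for db in ("passwd", "group"):
        if "winbind" not in ns.get(db, []):
            problems.append(f"nsswitch.conf: '{db}' does not list winbind")
    for sec in ("auth", "account"):
        if "winbind" not in call_modules(u2.get(sec, [])):
            problems.append(f"pam_unix2.conf: '{sec}' does not call winbind")
    # Simple 'type control module [args]' lines only; bracketed controls are not handled.
    stack = {(f[0], f[2]) for f in (l.split() for l in _lines(pam_service)) if len(f) >= 3}
    for typ in ("auth", "account"):
        if (typ, "pam_unix2.so") not in stack:
            problems.append(f"pam.d: no '{typ}' pam_unix2.so line to hand off to winbind")
    if ("session", "pam_mkhomedir.so") not in stack:
        problems.append("pam.d: no session pam_mkhomedir.so, home directories are not created")
    return problems

# Constructed sample input, taken from the configuration in the post.
NSSWITCH = "passwd: compat winbind\ngroup: compat winbind\n"
UNIX2 = "auth: call_modules=winbind\naccount: call_modules=winbind\npassword:\nsession: none\n"
SSHD = ("#%PAM-1.0\nauth required pam_unix2.so # set_secrpc\naccount required pam_unix2.so\n"
        "session optional pam_mkhomedir.so\nsession required pam_unix2.so none # trace or debug\n")
# Constructed broken variant: empty account section and no mkhomedir line.
BROKEN_UNIX2 = "auth: call_modules=winbind\naccount:\n"
BROKEN_SSHD = "#%PAM-1.0\nauth required pam_unix2.so\naccount required pam_unix2.so\n"

if __name__ == "__main__":
    for name, args in (("posted", (NSSWITCH, UNIX2, SSHD)),
                       ("broken", (NSSWITCH, BROKEN_UNIX2, BROKEN_SSHD))):
        print(name, check(*args) or "consistent")
```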