Pantek Library

Re: [gentoo-user] Winbind...

From: Anders Trobäck <public(at)troback.com>
Date: Tue Jul 31 2007 - 07:37:19 EDT


On Tue, 31 Jul 2007 07:44:38 +0200
Anders Trobäck <public@troback.com> wrote:

> On Mon, 30 Jul 2007 15:44:14 +0200
> Anders Trobäck <public@troback.com> wrote:
>
> > On Mon, 30 Jul 2007 14:17:37 +0100
> > Stroller <stroller@stellar.eclipse.co.uk> wrote:
> >
> > >
> > > On 30 Jul 2007, at 12:07, Anders Trobäck wrote:
> > > > ...
> > > > However, I did add the winbind to the system-auth like this:
> > > > auth required pam_env.so
> > > > auth sufficient /lib/security/pam_winbind.so
> > > > auth sufficient pam_unix.so use_first_pass likeauth
> > > > nullok
> > > >
> > > > account required pam_unix.so
> > > >
> > > > password sufficient pam_winbind.so
> > > > password required pam_cracklib.so difok=2 minlen=8
> > > > dcredit=2 ocredit=2 retry=3
> > > > password sufficient pam_unix.so nullok md5 shadow use_authtok
> > > > password required pam_deny.so
> > > >
> > > > session required pam_limits.so
> > > > session required pam_unix.so
> > > >
> > > >
> > > > Now I can ssh to the box but as soon as I am logged on I'm
> > > > kicked off!
> > >
> > > Do the winbind users have a shell & homedir?
> > >
> > > I'm afraid I can't recall how the shell is defined for them, but
> > > I use pam_mkhomedir for the latter. I have always used
> > > courier-imap at home, but it doesn't use a pam session, required
> > > for pam_mkhomedir, so chose Dovecot IMAP for this office. I'm
> > > pretty sure that ssh works fine with pam_mkhomedir, tho'.
> > >
> > > Stroller.
> > >
> >
> > Yes they have home folders. I think that you set the shell with
> > "template shell" in smb.conf!(?)
> >
>
> Now it's working! It was file permissions, the home folder was set to
> 770 but if I chmod to 750 it worked!
>
> Thanks for your time!!!
>
>
> \\troback
>

Hmmm... spoke too early :-]

Well I can logon but if I enter a blank/wrong password I can logon anyway!

Here is my /etc/pam.d/system-auth:

auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok

account    required     pam_unix.so

account sufficient pam_winbind.so

password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3

password   sufficient   pam_winbind.so
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
-- 

============================================
Microsoft is not the answer.
Microsoft is the question.
And 'No' is the answer!
--------------------------------------------
Anders Trobäck
http://www.troback.com
-- 
gentoo-user@gentoo.org mailing list
Received on Tue Jul 31 07:39:03 2007
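
Added example, not part of the original message and not Linux-PAM's own code: a simplified Python model of how the required/requisite/sufficient/optional control flags combine, run over the auth lines posted above. It assumes pam_env.so succeeds and both password modules fail on a wrong password (constructed outcomes); with no final "auth required pam_deny.so", the failures of the sufficient modules are ignored and the stack still returns success.

```python
# Added illustration (not from the thread): simplified model of how Linux-PAM
# combines the required/requisite/sufficient/optional control flags.
AUTH_AS_POSTED = """\
auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok
"""
AUTH_WITH_DENY = AUTH_AS_POSTED + "auth       required     pam_deny.so\n"

# Constructed module results for a login attempt with a wrong password.
WRONG_PASSWORD = {"pam_env.so": True, "pam_winbind.so": False,
                  "pam_unix.so": False, "pam_deny.so": False}

def parse_stack(text, facility):
    """Return [(control, module)] for one facility (auth, account, ...)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (success) or False (failure)."""
    status = None  # None: no module has left an impression yet
    for control, module in stack:
        ok = outcomes[module]
        if control in ("required", "requisite"):
            if not ok:
                if control == "requisite":
                    return False        # requisite failure ends the stack
                status = False          # required failure is remembered
            elif status is None:
                status = True
        elif control == "sufficient":
            if ok and status is not False:
                return True             # success short-circuits the stack
            # a failing sufficient module is ignored
        elif control == "optional":
            if ok and status is None:
                status = True
        else:
            raise ValueError("unsupported control flag: " + control)
    return status is True               # nothing succeeded -> deny

def login_allowed(config, outcomes):
    return evaluate(parse_stack(config, "auth"), outcomes)

if __name__ == "__main__":
    print("as posted:", login_allowed(AUTH_AS_POSTED, WRONG_PASSWORD))
    print("with pam_deny:", login_allowed(AUTH_WITH_DENY, WRONG_PASSWORD))
```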

This archive was generated by hypermail 2.1.8 : Fri Sep 07 2007 - 02:23:14 EDT

