Hello All: I've posted this to the Samba list with no success and I'm hoping someone here will have experience with this configuration. We're using Winbind to authenticate against an Active Directory and it works perfectly *if* the user is in the local password database. If the user is not, then it fails.
We want to have the authentication credentials be accepted from the AD, bypassing the local password database. Although it may be a problem internal to pam_winbind.so, I'm hoping it's just a configuration glitch on my end. I've attached a copy of my sshd PAM configuration. If anyone can shed light on this issue it would be greatly appreciated. # # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ # # PAM configuration for the "sshd" service # # auth auth required pam_nologin.so no_warn auth sufficient /usr/local/samba/lib/pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account #account required pam_krb5.so account required /usr/local/samba/lib/pam_winbind.so account required pam_login_access.so account required pam_unix.so try_first_pass # session #session optional pam_ssh.so session required /usr/local/lib/pam_mkhomedir.so skel=/etc/skel umask=0022 session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password sufficient /usr/local/samba/lib/pam_winbind.so try_first_pa ss password required pam_unix.so no_warn try_first_pass Regards, Mike _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"