Hello, I'm trying to get a debian sid box to authenticate against an NT4 domain. I've followed the instructions in the winbindd man page and I think I'm on the right track. However, I'm having problems with PAM.

As the winbindd man page suggests, I edited the /etc/nsswitch.conf and added some winbindd related stuff to my smb.conf file. I also edited the /etc/pam.d/* files. This is where I'm having problems... more on that later.

I joined the domain using this:

    net join -U Administrator

I was prompted for a password and was allowed to join the domain. I ran the winbindd program just to make sure it is up and running, then I did this:

    wbinfo -t

And that told me that the trust relationship with the domain is ok. So, my linux box is part of the NT4 domain and things look good. I can walk over to the NT4 domain controller and see a computer account for my linux box. I can do wbinfo -u on my linux box and see a list of all the windows domain users... and I'm starting to smell success. But wait...

Here is where the problem starts. I want to use a Windows domain account to login to the linux box. For instance, I should be able to use the windows Administrator account to login on my linux box. So I go to a terminal and try to log in as Administrator and it says "permission denied". I've screwed around with the /etc/pam.d/* files enough to allow me to login via a linux terminal using the Windows Administrator account, but I haven't been able to do the same with GDM/Gnome. I eventually screwed around with these files enough to lock myself out of my system, but got back in. ;-)

So, I guess I need help understanding the /etc/pam.d/* files. The winbindd man page says this:

-------
In /etc/pam.d/* replace the auth lines with something like this:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok

Note in particular the use of the sufficient keyword and the use_first_pass keyword.

Now replace the account lines with this:

account required /lib/security/pam_winbind.so
-------

When I edited the pam.d files, anytime I saw a line that starts with auth, I commented it out and inserted all of the above lines that start with auth. Likewise, I made similar edits for lines that start with account. I don't really understand what this means though...

Any suggestions? Am I doing something out of order?

Thanks!

Charles
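
Added example (not part of the original message or of the Samba documentation): a small Python model of how PAM walks the auth stack quoted from the winbindd man page, showing what the sufficient keyword does. It models only the required and sufficient control flags, and the per-module results in SCENARIOS are constructed inputs.

```python
# Simplified model of PAM control-flag evaluation (required / sufficient only).
# AUTH_STACK is the auth stack quoted from the winbindd man page. The module
# results in SCENARIOS are constructed inputs, not output from a real system.
# (use_first_pass on pam_pwdb means it reuses the password already typed
# instead of prompting again; it does not change the control flow below.)
AUTH_STACK = [
    ("required",   "pam_securetty.so"),
    ("required",   "pam_nologin.so"),
    ("sufficient", "pam_winbind.so"),
    ("required",   "pam_pwdb.so"),
]

def evaluate(stack, results):
    """Return (granted, modules_run) given a dict of module -> True/False."""
    required_failed = False
    seen_success = False
    ran = []
    for control, module in stack:
        ok = results[module]
        ran.append(module)
        if control == "required":
            if ok:
                seen_success = True
            else:
                required_failed = True  # remembered, but the stack keeps running
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran        # short-circuit: later modules are skipped
            # a failing sufficient module is simply ignored
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return (seen_success and not required_failed), ran

def scenario(securetty, nologin, winbind, pwdb):
    return dict(zip((m for _, m in AUTH_STACK), (securetty, nologin, winbind, pwdb)))

SCENARIOS = {
    "domain user, winbind accepts":      scenario(True, True, True, False),
    "local user, winbind rejects":       scenario(True, True, False, True),
    "domain user, pam_nologin fails":    scenario(True, False, True, False),
    "bad password, both backends fail":  scenario(True, True, False, False),
}

if __name__ == "__main__":
    for name, results in SCENARIOS.items():
        granted, ran = evaluate(AUTH_STACK, results)
        print(f"{name:34} -> {'granted' if granted else 'denied':7} ran: {', '.join(ran)}")
```

In the first scenario pam_pwdb.so is never consulted, which is why a domain account with no local password entry can still pass the auth stack; in the third, an earlier required failure cancels the short-circuit and the login is denied.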