Hello,

I currently have samba configured with winbind so that I can log in using NT authentication with my domain controller. Winbind is working perfectly with the domain, I have /etc/pam.d/login configured perfectly, and I can log in through the console, etc.

 

However, when I try to use passwd, it doesn't prompt for a new password, it does this:

 

bash-2.05b$ passwd
Changing password for user ELSHAIR.
passwd: Authentication token manipulation error
bash-2.05b$

 

Here is my system auth-file:

 

# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/secutiry/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so[

 

 

My /etc/pam.d/passwd file is as follows:

 

bash-2.05b$ cat /etc/pam.d/passwd
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth

 

 

 

What exactly do I need to change in passwd or system-auth so that a domain user can change his or her password in Linux and for it to update the password in the domain controller? Please reply with an example of what the entire file should look like. It tends to be a bit confusing when someone says "the auth line should be so and so", because there are so many auth lines.

 

 

Also, I am having problems getting domain users to log in through ssh. My /etc/pam.d/sshd file is this:

 

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

 

 

I have tried using the same configuration of /etc/pam.d/login (which works for console login and telnet) but it doesn't seem to work with ssh. 

 

/var/log/messages doesn't show any login attempts whatsoever when I use the aits+domainUser as login. But obviously when I use a normal user, it does display the login attempt in the log.

 

If anyone knows how to configure the /etc/pam.d/sshd to work with domain logins, I would appreciate that too.  Please include an example of the whole file.

 

 

 

Thanks,

Ferras Elshair
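
Added example, not part of the original message: a small Python check that parses the system-auth rules quoted above and reports which PAM management groups contain no pam_winbind.so rule and which module paths deviate from /lib/security/*.so. The function names `parse_pam` and `audit` and the choice of these two checks are assumptions of this example.

```python
import posixpath

# system-auth rules copied from the message above (embedded so the check runs offline)
SYSTEM_AUTH = """\
#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/secutiry/pam_winbind.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so[
"""

GROUPS = ("auth", "account", "password", "session")

def parse_pam(text):
    """Yield (group, control, module_path, args) for each rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        group, rest = line.split(None, 1)
        if rest.startswith("["):                 # bracketed control, e.g. [success=1 default=ignore]
            control, _, rest = rest.partition("]")
            control += "]"
        else:
            control, rest = rest.split(None, 1)
        module, *args = rest.split()
        yield group.lstrip("-"), control, module, args

def audit(text, module="pam_winbind.so", module_dir="/lib/security"):
    """Return (groups with no rule for `module`, module paths outside `module_dir`/*.so)."""
    rules = list(parse_pam(text))
    missing = [g for g in GROUPS
               if not any(r[0] == g and posixpath.basename(r[2]) == module for r in rules)]
    odd_paths = [r[2] for r in rules
                 if posixpath.dirname(r[2]) != module_dir or not r[2].endswith(".so")]
    return missing, odd_paths

if __name__ == "__main__":
    missing, odd_paths = audit(SYSTEM_AUTH)
    print("groups without pam_winbind.so:", missing)
    print("module paths to double-check:", odd_paths)
```

Because /etc/pam.d/passwd and /etc/pam.d/sshd both include system-auth through pam_stack.so, whatever the check reports for the password group applies to both services.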
