| 1 |
On Tue, 31 Jul 2007 07:44:38 +0200 |
| 2 |
Anders Trobäck <public@×××××××.com> wrote: |
| 3 |
|
| 4 |
> On Mon, 30 Jul 2007 15:44:14 +0200 |
| 5 |
> Anders Trobäck <public@×××××××.com> wrote: |
| 6 |
> |
| 7 |
> > On Mon, 30 Jul 2007 14:17:37 +0100 |
| 8 |
> > Stroller <stroller@××××××××××××××××××.uk> wrote: |
| 9 |
> > |
| 10 |
> > > |
| 11 |
> > > On 30 Jul 2007, at 12:07, Anders Trobäck wrote: |
| 12 |
> > > > ... |
| 13 |
> > > > However, I did add the winbind to the system-auth like this: |
| 14 |
> > > > auth required pam_env.so |
| 15 |
> > > > auth sufficient /lib/security/pam_winbind.so |
| 16 |
> > > > auth sufficient pam_unix.so use_first_pass likeauth |
| 17 |
> > > > nullok |
| 18 |
> > > > |
| 19 |
> > > > account required pam_unix.so |
| 20 |
> > > > |
| 21 |
> > > > password sufficient pam_winbind.so |
| 22 |
> > > > password required pam_cracklib.so difok=2 minlen=8 |
| 23 |
> > > > dcredit=2 ocredit=2 retry=3 |
| 24 |
> > > > password sufficient pam_unix.so nullok md5 shadow use_authtok |
| 25 |
> > > > password required pam_deny.so |
| 26 |
> > > > |
| 27 |
> > > > session required pam_limits.so |
| 28 |
> > > > session required pam_unix.so |
| 29 |
> > > > |
| 30 |
> > > > |
| 31 |
> > > > Now I can ssh to the box but I as soon as I are logged on I'm |
| 32 |
> > > > kicked off! |
| 33 |
> > > |
| 34 |
> > > Do the winbind users have a shell & homedir? |
| 35 |
> > > |
| 36 |
> > > I'm afraid I can't recall how the shell is defined for them, but |
| 37 |
> > > I use pam_mkhomedir for the latter. I have always used |
| 38 |
> > > courier-imap at home, but it doesn't use a pam session, required |
| 39 |
> > > for pam_mkhomedir, so chose Dovecot IMAP for this office. I'm |
| 40 |
> > > pretty sure that ssh works fine with pam_mkhomedir, tho'. |
| 41 |
> > > |
| 42 |
> > > Stroller. |
| 43 |
> > > |
| 44 |
> > |
| 45 |
> > Yes the have home folders. I think that you set the shell with |
| 46 |
> > "template shell" in smb.conf!(?) |
| 47 |
> > |
| 48 |
> |
| 49 |
> Now it's working! It was file permissions, the home folder was set to |
| 50 |
> 770 but if I chmod to 750 it worked! |
| 51 |
> |
| 52 |
> Thanks for your time!!! |
| 53 |
> |
| 54 |
> |
| 55 |
> \\troback |
| 56 |
> |
| 57 |
|
| 58 |
Hmmm...spoke to early:-] |
| 59 |
|
| 60 |
Well I can logon but if I enter a blank/wrong password I can logon |
| 61 |
anyway! |
| 62 |
|
| 63 |
Here are my /etc/pam.d/system-auth |
| 64 |
|
| 65 |
auth required pam_env.so |
| 66 |
auth sufficient pam_winbind.so |
| 67 |
auth sufficient pam_unix.so use_first_pass likeauth nullok |
| 68 |
|
| 69 |
account required pam_unix.so |
| 70 |
account sufficient pam_winbind.so |
| 71 |
|
| 72 |
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 |
| 73 |
ocredit=2 ret ry=3 |
| 74 |
password sufficient pam_winbind.so |
| 75 |
password sufficient pam_unix.so nullok md5 shadow use_authtok |
| 76 |
password required pam_deny.so |
| 77 |
|
| 78 |
session required pam_limits.so |
| 79 |
session required pam_unix.so |
| 80 |
|
| 81 |
|
| 82 |
-- |
| 83 |
|
| 84 |
============================================ |
| 85 |
Microsoft is not the answer. |
| 86 |
Microsoft is the question. |
| 87 |
And 'No' is the answer! |
| 88 |
-------------------------------------------- |
| 89 |
Anders Trobäck |
| 90 |
http://www.troback.com |
| 91 |
-- |
| 92 |
gentoo-user@g.o mailing list |
Archives