Date:      Thu, 9 Nov 2006 08:07:32 -0800
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        <freebsd-questions@freebsd.org>
Subject:   FreeBSD 6.1 PAM Configuration Problem
Message-ID:  <17838240D9A5544AAA5FF95F8D520316014A7EBD@ad-exh01.adhost.lan>

Hello All:

I've posted this to the Samba list with no success and I'm hoping
someone here will have experience with this configuration.  We're using
Winbind to authenticate against an Active Directory and it works
perfectly *if* the user is in the local password database.  If the user
is not, then it fails.

We want to have the authentication credentials be accepted from the AD,
bypassing the local password database.  Although it may be a problem
internal to pam_winbind.so, I'm hoping it's just a configuration glitch
on my end.  I've attached a copy of my sshd PAM configuration.  If
anyone can shed light on this issue it would be greatly appreciated.


#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      /usr/local/samba/lib/pam_winbind.so
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         required        /usr/local/samba/lib/pam_winbind.so
account         required        pam_login_access.so
account         required        pam_unix.so try_first_pass

# session
#session        optional        pam_ssh.so
session         required        /usr/local/lib/pam_mkhomedir.so skel=/etc/skel umask=0022
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        sufficient      /usr/local/samba/lib/pam_winbind.so try_first_pass
password        required        pam_unix.so             no_warn try_first_pass

Regards,

Mike
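
An added example, not part of the original message: a simplified model of how the control flags in the posted sshd stacks combine, run over a copy of the auth and account lines. The module outcomes used for an AD-only user (pam_winbind succeeds, pam_unix fails) are assumptions, not something the message establishes.

```python
import os

# Constructed input: the active auth and account lines from the message above,
# with the mail line-wrapping undone and commented-out entries dropped.
SSHD_PAM = """\
auth     required    pam_nologin.so     no_warn
auth     sufficient  /usr/local/samba/lib/pam_winbind.so
auth     sufficient  pam_opie.so        no_warn no_fake_prompts
auth     requisite   pam_opieaccess.so  no_warn allow_local
auth     required    pam_unix.so        no_warn try_first_pass
account  required    /usr/local/samba/lib/pam_winbind.so
account  required    pam_login_access.so
account  required    pam_unix.so        try_first_pass
"""

def parse(text):
    """Return {facility: [(control, module_basename), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        facility, control, module = line.split()[:3]
        stacks.setdefault(facility, []).append((control, os.path.basename(module)))
    return stacks

def evaluate(chain, results):
    """Simplified model of required/requisite/sufficient/optional.
    results maps module name -> True (success) or False (failure);
    modules not listed are assumed to succeed.
    Returns (ok, module_that_decided_the_outcome_or_None)."""
    failed_by = None
    for control, module in chain:
        if results.get(module, True):
            if control == "sufficient" and failed_by is None:
                return True, module              # chain stops here with success
            continue
        if control == "requisite":
            return False, failed_by or module    # chain stops here with failure
        if control == "required" and failed_by is None:
            failed_by = module                   # remembered; chain keeps running
        # a failing "sufficient" or "optional" module is ignored
    return failed_by is None, failed_by

# Assumed outcomes for an account that exists only in AD (hypothetical).
AD_ONLY = {"pam_winbind.so": True, "pam_unix.so": False}

if __name__ == "__main__":
    for facility, chain in parse(SSHD_PAM).items():
        print(facility, evaluate(chain, AD_ONLY))
```

Under those assumed outcomes the auth chain ends at the `sufficient` pam_winbind entry, while the account chain still runs every `required` module, so a failing pam_unix there decides the result.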


