Date: Wed, 23 Nov 2005 16:32:59 +0000
From: Jim Hatfield <subscriber@insignia.com>
To: freebsd-questions@freebsd.org
Subject: Correct configuration of pam_winbind.so for login using AD accounts
Message-ID: <cf19o1luis1nmmg5njldcjei4tq3bm7s5v@4ax.com>

I'm using a newly-installed FBSD 6 system to experiment with Single Sign-On to an Active Directory network. Samba is installed, the machine is joined to the domain, winbind seems to work fine, wbinfo -u lets me enumerate users OK.

I'm trying to work out how to edit the files in /etc/pam.d to get pam_winbind to let me log on to the console using an AD account. Most of the Samba docs seem to be Linux-specific and the sample pam files don't match the ones in the FBSD 6 system.

What I did was to edit /etc/pam.d/login: add "auth sufficient pam_winbind.so" as the penultimate line of the auth section, and the same in the account section.

If I try to log in as an AD user on the console I get this in /var/log/messages:

>Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
>Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
>Nov 23 15:30:36 speyburn winbindd[1324]: [2005/11/23 15:30:36, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
>Nov 23 15:30:36 speyburn winbindd[1324]: rpc_pipe_bind failed
>Nov 23 15:30:37 speyburn winbindd[1324]: [2005/11/23 15:30:37, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
>Nov 23 15:30:37 speyburn winbindd[1324]: rpc_pipe_bind failed
>Nov 23 15:30:37 speyburn login[1331]: setlogin(INTERNAL+jhatfield): Invalid argument - exiting

So I'm close but not there yet.

As an aside, I'm confused as to the difference between what pam_winbind offers and what nss_winbind offers - I would have thought either of them would be adequate to provide login access.