From: "Brian E. Conklin"
To: "Jim Hatfield"
Date: Wed, 23 Nov 2005 10:17:06 -0800
Subject: RE: Correct configuration of pam_winbind.so for login using AD accounts

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Jim Hatfield
> Sent: Wednesday, November 23, 2005 8:33 AM
> To: freebsd-questions@freebsd.org
> Subject: Correct configuration of pam_winbind.so for login
> using AD accounts
>
> I'm using a newly-installed FBSD 6 system to experiment with
> Single Sign-On to an Active Directory network.
>
> Samba is installed, the machine is joined to the domain, winbind
> seems to work fine, wbinfo -u lets me enumerate users OK.
>
> I'm trying to work out how to edit the files in /etc/pam.d to get
> pam_winbind to let me log on to the console using an AD account.
> Most of the Samba docs seem to be Linux-specific and the sample
> pam files don't match the ones in the FBSD 6 system.

Take a look at http://web.irtnog.org/howtos/freebsd/winbind

>
> What I did was to edit /etc/pam.d/login:
>
> add "auth sufficient pam_winbind.so" as the
> penultimate line of the auth section, and the same
> in the account section.
>
> If I try to log in as an AD user on the console I get this in
> /var/log/messages:
>
> >Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
> >Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
> >Nov 23 15:30:36 speyburn winbindd[1324]: [2005/11/23 15:30:36, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
> >Nov 23 15:30:36 speyburn winbindd[1324]: rpc_pipe_bind failed
> >Nov 23 15:30:37 speyburn winbindd[1324]: [2005/11/23 15:30:37, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
> >Nov 23 15:30:37 speyburn winbindd[1324]: rpc_pipe_bind failed
> >Nov 23 15:30:37 speyburn login[1331]: setlogin(INTERNAL+jhatfield): Invalid argument - exiting
>
> So I'm close but not there yet.
>
> As an aside, I'm confused as to the difference between what
> pam_winbind offers and what nss_winbind offers - I would have thought
> either of them would be adequate to provide login access.
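
A check for the `setlogin(...): Invalid argument` failure quoted above, as an added example that is not part of the original thread: setlogin(2) on FreeBSD returns EINVAL when the name does not fit in MAXLOGNAME. The value 17 (including the terminating NUL) is an assumption for FreeBSD 6 and should be confirmed in `<sys/param.h>`; the function names are illustrative and the sample input is constructed from the log lines in the quoted message.

```shell
#!/bin/sh
# Added example: flag login names in failed setlogin() calls that exceed
# the kernel's login-name limit. MAXLOGNAME=17 (including the NUL) is an
# assumption for FreeBSD 6; confirm it in <sys/param.h> on the target host.
MAXLOGNAME=${MAXLOGNAME:-17}

# Constructed sample input: log lines taken from the quoted message.
sample_log() {
cat <<'EOF'
Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
Nov 23 15:30:37 speyburn winbindd[1324]: rpc_pipe_bind failed
Nov 23 15:30:37 speyburn login[1331]: setlogin(INTERNAL+jhatfield): Invalid argument - exiting
EOF
}

# Print the name passed to setlogin() for every failed call in the log
# read from stdin.
failed_setlogin_names() {
    sed -n 's/.*login\[[0-9]*]: setlogin(\(.*\)): Invalid argument.*/\1/p'
}

# Exit 0 if the name fits in MAXLOGNAME-1 characters, non-zero otherwise.
name_fits() {
    [ "${#1}" -lt "$MAXLOGNAME" ]
}

# Report each failed name with its length and whether it exceeds the limit.
check_log() {
    failed_setlogin_names | while IFS= read -r name; do
        if name_fits "$name"; then
            echo "$name: ${#name} chars, within limit"
        else
            echo "$name: ${#name} chars, exceeds $((MAXLOGNAME - 1))"
        fi
    done
}

# On a live system, feed /var/log/messages instead of the sample.
sample_log | check_log
```

If the length turns out to be the cause, one option is to shorten the name winbind hands to login, for example with `winbind use default domain = yes` in smb.conf so that the domain prefix is dropped.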