I am trying to setup apache authentication to use mod_auth_pam, winbind, and Active Directory. It works for 'Require user johns' But it fails for 'Require group developers' The logs indicate a fail and a pass: ==> /var/log/apache2/access.log <== 192.168.60.162 - - [09/May/2005:10:57:16 -0700] "GET /JOHN HTTP/1.1" 401 602 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 SUSE/1.0.3-1.1" 192.168.60.162 - johns [09/May/2005:10:57:26 -0700] "GET /JOHN HTTP/1.1" 401 602 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 SUSE/1.0.3-1.1" ==> /var/log/apache2/error.log <== [Mon May 09 10:57:26 2005] [error] [client 192.168.60.162] access to /JOHN failed, reason: user johns not allowed access ==> /var/log/auth.log <== May 9 10:57:26 localhost pam_winbind[8564]: user 'johns' granted access Winbind is working great with samba shares, and I can authenticate a user against AD using 'wbinfo -a MS+johns%password'. I can get a dump of groups (and members) with 'getent group' so nsswitch is setup correctly. /etc/pam.d/apache2 auth required pam_winbind.so account required pam_winbind.so Snip from the apache config which uses AuthPAM_Enabled #################### # TESTING winbind authentication #################### <Location /JOHN> DAV svn # SVNAutoversioning on #AuthzSVNAccessFile /etc/apache2/dav_svn.passwd SVNPath /home/jstile/repo SVNIndexXSLT "/apache2-default/svnindex.xsl" AuthType Basic AuthName "SVN repository" AuthPAM_Enabled on Require group 'developers' </Location> Environment: ---------------- Debian 3.0 testing libapache2-mod-auth-pam 1.1.1-6 apache2 2.0.54-2 winbind 3.0.14a-1 apache2 2.0.54-2 I have looked for other posts regarding this, but they seem to be dead ends (no solution at the end of the trail). I've spent a few days looking and there might be a solution somewhere among the cruft, but I haven't found it. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx