[users@httpd] group authentication failing with apache2mod_auth_pam and winbind

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to setup apache authentication to use:
   mod_auth_pam, winbind, and Active Directory.  
It works for 'Require user johns'
But it fails for 'Require group developers' even though johns is a
member.

The logs indicate a fail and a pass:
  ==> /var/log/apache2/access.log <==
  192.168.60.162 - - [09/May/2005:10:57:16 -0700] "GET /JOHN HTTP/1.1" 401 602 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 SUSE/1.0.3-1.1"
  192.168.60.162 - johns [09/May/2005:10:57:26 -0700] "GET /JOHN HTTP/1.1" 401 602 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 SUSE/1.0.3-1.1"
 
  ==> /var/log/apache2/error.log <==
  [Mon May 09 10:57:26 2005] [error] [client 192.168.60.162] access to /JOHN failed, reason: user johns not allowed access

  ==> /var/log/auth.log <==
  May  9 10:57:26 localhost pam_winbind[8564]: user 'johns' granted access

Winbind is working great with samba shares, and I can authenticate a
user against AD using 'wbinfo -a MS+johns%password'.  I can get a dump
of groups (and members) with 'getent group' so nsswitch is setup
correctly.

/etc/pam.d/apache2
auth            required      pam_winbind.so
account        required      pam_winbind.so

Snip from the apache config which uses AuthPAM_Enabled
        ####################
        # TESTING winbind authentication
        ####################
        <Location /JOHN>
           DAV svn
           # SVNAutoversioning on
           #AuthzSVNAccessFile /etc/apache2/dav_svn.passwd
           SVNPath /home/jstile/repo
           SVNIndexXSLT "/apache2-default/svnindex.xsl"
           AuthType Basic
           AuthName "SVN repository"
           AuthPAM_Enabled on
                   Require group 'developers'
        </Location>

Environment: 
----------------
Debian 3.0 testing
libapache2-mod-auth-pam 1.1.1-6
apache2 2.0.54-2
winbind 3.0.14a-1 
apache2 2.0.54-2

I have looked for other  posts, but they have been dead ends (no
solution at the end of the trail).  I've spent a few days looking and
there might be a solution somewhere among the cruft, but I haven't found
it.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux