At 04:28 PM 12/1/2000 +1000, you wrote: >At 06:45 PM 11/30/00 -0800, you wrote: > >I cannot get PAM authentication through an NT server working with Apache. > > > >My configuration: Cobalt RaQ4 (Redhat; Intel processor) > > > >Installed: Apache PAM module > >PAM_SMB > > > >The PAM module for Apache works fine. I have tested with the default > >configurations and it runs smoothly. However, PAM_SMB does not work. The > >reason it gives is: "User account has expired" > >Is it possible that the user's account has expired under NT? > Ummm, you only need pamsmbd if you are doing username mapping. Are you? It turns out that the underlying problem is that PAM_SMB has to map the NT username to a local username. It seems that the module has no support for wildcards, and I don't want to create an unmanageable list of all the domain users. (The list would have to be updated every time someone was added or deleted from the domain.) As far as I can tell, there are two choices: -- Hack the module to support wildcards (e.g. ALL NT users -> "default" or "anonymous" locally) -- Create ~400 local users, or create the aforementioned list. Neither choice sounds like a clean solution. Any suggestions? Erica
