[/marin] See my comments bellow . -----Original Message----- From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On Behalf Of Erica Douglass Sent: Wednesday, December 06, 2000 4:22 PM To: pam-list@redhat.com Subject: Re: PAM_SMB through Apache At 04:28 PM 12/1/2000 +1000, you wrote: >At 06:45 PM 11/30/00 -0800, you wrote: > >I cannot get PAM authentication through an NT server working with Apache. > > > >My configuration: Cobalt RaQ4 (Redhat; Intel processor) > > > >Installed: Apache PAM module > >PAM_SMB > > > >The PAM module for Apache works fine. I have tested with the default > >configurations and it runs smoothly. However, PAM_SMB does not work. The > >reason it gives is: "User account has expired" > >Is it possible that the user's account has expired under NT? > Ummm, you only need pamsmbd if you are doing username mapping. Are you? It turns out that the underlying problem is that PAM_SMB has to map the NT username to a local username. [/marin] That is incorrect. It seems that the module has no support for wildcards, [/marin] I don't understand what you're trying to do. Could you give some more details. and I don't want to create an unmanageable list of all the domain users. (The list would have to be updated every time someone was added or deleted from the domain.) [/marin] Again, you don't need to do this. I have successfully configured my apache server to authenticate against my NT-PDC. I don't have/use such user list. As far as I can tell, there are two choices: -- Hack the module to support wildcards (e.g. ALL NT users -> "default" or "anonymous" locally) -- Create ~400 local users, or create the aforementioned list. Neither choice sounds like a clean solution. Any suggestions? Erica _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
