Well, I think that the idea is, is that the user who is logging in needs to have a user account locally, so that a default shell, group memberships, etc, and thus permissions can be used. So, no matter what you do, you're either going to need to have daemons run as some effective UID - whether it's always the same (as in a web server [usually]) or the uid of the user logging in. If you only want to authenticate for a daemon that will always run as the same user, edit the pam module to allow an option to not require a local user for success... otherwise, you're going to need to add users to your nix box, and the module which adds users is something that'll do it for you.

Good luck :)

Mathew Johnston

On Wed, 6 Dec 2000, marin wrote:

> I wouldn't do this.
>
> /marin
>
> I recall a module which adds usernames when they log in, and can create home
> directories (I THINK, but I'm not sure). Check out the pam docs to see a list
> of modules.
>
> Thus, authenticate against the domain, and if that succeeds, add a user locally
> automatically (you could even make a script that would do this) and thus lets
> them log in.
>
> Mathew Johnston
>
> PS. I've never done this, so I may not know what I'm talking about :)
>
> Erica Douglass wrote:
>
> > At 04:28 PM 12/1/2000 +1000, you wrote:
> > >At 06:45 PM 11/30/00 -0800, you wrote:
> > > >I cannot get PAM authentication through an NT server working with Apache.
> > > >
> > > >My configuration: Cobalt RaQ4 (Redhat; Intel processor)
> > > >
> > > >Installed: Apache PAM module
> > > >PAM_SMB
> > > >
> > > >The PAM module for Apache works fine. I have tested with the default
> > > >configurations and it runs smoothly. However, PAM_SMB does not work. The
> > > >reason it gives is: "User account has expired"
> > >
> > >Is it possible that the user's account has expired under NT?
> >
> > > Ummm, you only need pamsmbd if you are doing username mapping. Are you?
> >
> > It turns out that the underlying problem is that PAM_SMB has to map the NT
> > username to a local username. It seems that the module has no support for
> > wildcards, and I don't want to create an unmanageable list of all the
> > domain users. (The list would have to be updated every time someone was
> > added or deleted from the domain.)
> >
> > As far as I can tell, there are two choices:
> >
> > -- Hack the module to support wildcards (e.g. ALL NT users -> "default" or
> > "anonymous" locally)
> > -- Create ~400 local users, or create the aforementioned list.
> >
> > Neither choice sounds like a clean solution. Any suggestions?
> >
> > Erica
> >
> > _______________________________________________
> >
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list