Hi. I'm trying to get apache to authenticate users against my remote NT server. The logs are telling me that NT is successfully authenticating my test user but another log tells me that the user has expired. I believe expiration error is caused by an attempt to lookup the test user in the password file on the web server. the user does exist there but shadow passwords are in use and apache does not have the needed access to look at it. I don't want any user lookups to happen on the web server at all, if that's possible. here's my setup... #/etc/pam_smb.conf ####################### WORKGROUP VPNNET VPNNET ####################### i have verified that pam_smb is working without the apache module. #/etc/pam.d/httpd ################################################################ #%PAM-1.0 #[For version 1.0 syntax, the above header is optional] # # The PAM configuration file for the `httpd' service # auth sufficient /lib/security/pam_smb_auth.so debug ################################################################ each time I try to authenticate via apache I get some errors in the httpd and security log files. #httpd log [Tue Apr 10 19:04:55 2001] [error] access to /manual/ failed for 192.168.3.229, reason: User account has expired #security log Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Local UNIX username/password check incorrect. Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Configuration Data, Primary VPNNET, Backup VPNNET, Domain WORKGROUP. Apr 10 19:04:55 ssldesk2 httpd: pam_smb: Correct NT username/password pair so it looks like the local username/password lookup is causing an authentication failure, even though pam_smb is succeeding. What am I doing wrong? I know I must be doing something stupid. Thanks for any help. - Ben
