mod_auth_pam, winbind and NT groups

I'm trying to set up mod_auth_pam to authenticate users on a local intranet,
to a Windows PDC.  I have a few directories on the intranet that are then
protected via a simple .htaccess file to restrict their access to a select
few.

I'm using winbind to do the Windows stuff...  and all works rather well,
with one slight exception.  I cannot authenticate all users within a
particular NT user group.

In my smb.conf file I have set the following option,

winbind use default domain = yes

so that users on the intranet site do not have to enter the ugly
"DOMAIN+USERNAME" string as their username.  So in my .htaccess file I have
the line:

require user user1 user2

so that user1 can log in successfully by entering their Windows password.  If
however, I want to allow all users within an NT group, I tried entering the
line:

require group DOMAIN+Usergroup

This works, as long as the user enters the ugly "DOMAIN+Username" string as
their username.  But if they try entering just the username, it doesn't
work.

Likewise, I also tried:

require group Usergroup

But then, a web server misconfiguration error is thrown.  There is a line
in the error log about "No Group File?"

My pam.d/httpd file is as follows:

#%PAM-1.0
auth       required    /lib/security/pam_winbind.so
account    required    /lib/security/pam_winbind.so

Does anyone know of any means to make this work?  Since we only have the one
NT domain, it seems stupid to require users to enter the domain every time
they wish to log in, but likewise it's a bit ugly needing to specify each
individual user within the .htaccess file.

Any help would be greatly appreciated.

thanks