Problem with apache, winbind, and mod_auth_pam.

My ultimate goal is to be able to use an Active Directory to authenticate
users in Apache 2.0.

My setup is as follows:

Redhat 9.0 - Kernel 2.4.20
Apache 2.0.40 (the RH9 RPM)
Samba 3.0 RC4 (the RPM provided by the samba group)
The latest version of mod_auth_pam for Apache 2.0 from
http://pam.sf.net/mod_auth_pam

Winbind is set up correctly ... I have joined the domain and I am able to
list users and groups with both wbinfo and net ads. Also, I am able to use
wbinfo -a to test user authentication.

My /etc/pam.d/httpd looks like this:
#%PAM-1.0
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

The relevant portion of /etc/samba/smb.conf looks like this:
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
password server = {myprimarydomaincontroller}
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
realm = {myactivedirectorydomain}
security = ads
encrypt passwords = yes

And the .htaccess file in the protected directory looks like this:
AuthPAM_Enabled On
AuthPAM_FallThrough Off
AuthAuthoritative Off
AuthType Basic
AuthName "secure area"
require user JeffL

When I browse to the protected portion of the site I am prompted for
authentication, as expected. When I enter my domain username and password I
get a 401 (Authentication Required) page from Apache.

In /var/log/messages I see:
Sep 22 10:51:23 meeting-lido pam_winbind[9529]: user 'JeffL' granted acces

But in /var/log/httpd/error_log I see:
[Mon Sep 22 10:51:23 2003] [error] [client 10.11.13.155] PAM: user 'JeffL'
- invalid account: User not known to the underlying authentication module

This is the part I cannot figure out. It looks as if apache is using pam
correctly, and pam is also able to contact the winbind service to
authenticate. The problem appears to be somewhere in the mod_auth_pam
module when it gets its response from pam.

Any help would be greatly appreciated. If there is any additional info I
can provide about the configuration, please ask.

Thanks,

Jeff Lopes




Jeff Lopes
Desktop Support
Groove Networks, Inc.
(978) 720-2188



_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
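
Added example, not part of the original post and not code from mod_auth_pam or Samba: a small log correlator that pairs the pam_winbind "granted" entry from /var/log/messages with the Apache error_log rejection for the same user and reports which PAM phase produced the rejection. The mapping of the "invalid account" and "not authenticated" message prefixes to the account and auth phases is an assumption, as are all function names and the two-second matching window.

```python
import re
from datetime import datetime

# Log lines as quoted in the post (the wrapped error_log entry is joined).
SYSLOG = ["Sep 22 10:51:23 meeting-lido pam_winbind[9529]: user 'JeffL' granted acces"]
ERROR_LOG = ["[Mon Sep 22 10:51:23 2003] [error] [client 10.11.13.155] PAM: user 'JeffL' "
             "- invalid account: User not known to the underlying authentication module"]

WINBIND_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ pam_winbind\[\d+\]: user '([^']+)' granted acces")
APACHE_RE = re.compile(
    r"^\[\w{3} (\w{3} +\d+ [\d:]{8}) (\d{4})\] \[error\] \[client ([^\]]+)\] "
    r"PAM: user '([^']+)' ?- (not authenticated|invalid account): (.*)$")

# Assumption: the PAM phase each mod_auth_pam message prefix corresponds to.
PHASE = {"not authenticated": "auth", "invalid account": "account"}
STAMP = "%b %d %H:%M:%S %Y"

def parse_apache(lines):
    """Yield one dict per mod_auth_pam failure found in error_log lines."""
    for line in lines:
        m = APACHE_RE.match(line)
        if m:
            stamp, year, client, user, kind, reason = m.groups()
            yield {"when": datetime.strptime(f"{stamp} {year}", STAMP),
                   "client": client, "user": user,
                   "phase": PHASE[kind], "reason": reason}

def parse_winbind(lines, year):
    """Yield (time, user) for pam_winbind grants; syslog omits the year."""
    for line in lines:
        m = WINBIND_RE.match(line)
        if m:
            yield datetime.strptime(f"{m.group(1)} {year}", STAMP), m.group(2)

def split_verdicts(syslog, error_log, window=2):
    """Apache failures whose user pam_winbind granted within `window` seconds."""
    findings = []
    for fail in parse_apache(error_log):
        for when, user in parse_winbind(syslog, fail["when"].year):
            delta = abs((when - fail["when"]).total_seconds())
            if user == fail["user"] and delta <= window:
                findings.append(fail)
                break
    return findings

if __name__ == "__main__":
    for f in split_verdicts(SYSLOG, ERROR_LOG):
        print(f"{f['when']} {f['user']} from {f['client']}: pam_winbind granted, "
              f"Apache rejected in {f['phase']} phase ({f['reason']})")
```
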
