Hi all,
I'm trying to use Apache's pam_auth_module with winbindd to authenticate Intranet users to a web application using our PDC (WinNT - sp6a box).
It seems to work well with samba (users can access their shares using domain credentials), but it doesn't work for apache, and googling has given no answer.
For every auth attempt this is my auth.log:
Nov 14 17:17:50 ict-srv-db pam_winbind[591]: Verify user `foo'
Nov 14 17:17:50 ict-srv-db pam_winbind[591]: user 'foo' granted acces
And this is the error.log of apache:
[Fri Nov 14 17:17:50 2003] [error] (13)Permission denied: access to / failed for 192.168.0.xxx, reason: Permission denied
[Fri Nov 14 17:17:50 2003] [debug] mod_auth_pam.c(398): [client 192.168.0.xxx] pam_auth_basic_user() - account is not healthy
I'm clueless, any hint?
Conf files:
/etc/pam.d/httpd
#%PAM-1.0
auth sufficient pam_winbind.so debug
account sufficient pam_winbind.so
nsswitch.conf:
[...]
passwd: compat winbind
group: compat winbind
[...]
smb.conf:
[global]
workgroup = MYOWN
server string = %h server
security = DOMAIN
password server = 192.168.0.xxx
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
client plaintext auth = No
log level = winbind:10
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
min protocol = LANMAN2
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /dev/null
winbind separator = +
winbind enable local accounts = No
winbind use default domain = Yes
invalid users = root
httpd.conf
<Directory /var/www>
AuthPAM_Enabled on
AuthPAM_FallThrough off
AllowOverride None
AuthName "Auth needed"
AuthType "basic"
require group "Domain Users"
</Directory>
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
