What is the best starter documentation on pam? Save me a web search!

-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Terry
Sent: Wednesday, July 15, 2009 10:49 AM
To: pam-list@xxxxxxxxxx
Subject: pam/winbind user not found problem

Hello,

Sorry for the generic subject. I am not sure how to classify the problem more accurately. I am running pam-0.99.6.2-4.el5 on RHEL 5.3. I have an application that uses pam. Out of the box, it has this configuration file in /etc/pam.d:

#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth

My system auth contains this:

auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=077

SSH authentication with active directory accounts works just fine. The usernames are formatted as DOMAIN+username. However, they do not work with this application for some reason. The developer claims that the formatting shouldn't be a problem with their app so I am double checking here.

When I try to auth with the application, I get this in /var/log/secure:

Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth): check pass; user unknown
Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_succeed_if(dssystem:auth): error retrieving information about user DOMAIN+username

Just to prove I can see that user, here is a 'getent passwd':

DOMAIN+username:*:15000:15019:User Name:/home/DOMAIN/username:/bin/bash

Any ideas?

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
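
Added example, not part of the original messages: a small Python model of how the simple control flags in the quoted auth stack are evaluated, replayed with the module results that the /var/log/secure lines report (pam_unix fails, pam_succeed_if fails). The function names and the pam_env and pam_winbind results are assumptions for illustration.

```python
# Added illustration: models only the simple control flags (required,
# requisite, sufficient, optional); bracketed [value=action] controls are not handled.

# auth lines copied from the system-auth file quoted in the message
SYSTEM_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
"""

def parse_stack(text, mtype="auth"):
    """Return (control, module) pairs for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            if fields[1].startswith("["):
                raise ValueError("bracketed control not modelled: " + line)
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """results maps module -> True/False. Returns (granted, modules_called)."""
    required_failed, called = False, []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called            # failure ends the stack at once
        if control == "required" and not ok:
            required_failed = True          # remembered, stack continues
        if control == "sufficient" and ok and not required_failed:
            return True, called             # success ends the stack at once
    return not required_failed, called

# pam_unix and pam_succeed_if results are taken from the /var/log/secure lines;
# the pam_env and pam_winbind values are assumptions (the log does not show them).
FROM_LOG = {"pam_env.so": True, "pam_unix.so": False,
            "pam_succeed_if.so": False, "pam_winbind.so": True,
            "pam_deny.so": False}

def replay_logged_attempt():
    return evaluate(parse_stack(SYSTEM_AUTH), FROM_LOG)

if __name__ == "__main__":
    granted, called = replay_logged_attempt()
    print("granted:", granted, "| modules called:", ", ".join(called))
```

With these inputs the requisite pam_succeed_if failure ends the auth stack before pam_winbind is called.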