On Wed, Jul 15, 2009 at 12:01 PM, Gary Greene<greeneg@xxxxxxxxxxxxxx> wrote:
> On 7/15/09 9:29 AM, "Landon M. Kelsey, III" <landonmkelsey@xxxxxxxxxxx>
> wrote:
>> What is the best starter documentation on pam?
>> Save me a web search!
>>
>> -----Original Message-----
>> From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On
>> Behalf Of Terry
>> Sent: Wednesday, July 15, 2009 10:49 AM
>> To: pam-list@xxxxxxxxxx
>> Subject: pam/winbind user not found problem
>>
>> Hello,
>>
>> Sorry for the generic subject. I am not sure how to classify the
>> problem more accurately.
>>
>> I am running pam-0.99.6.2-4.el5 on RHEL 5.3. I have an application
>> that uses pam. Out of the box, it has this configuration file in
>> /etc/pam.d:
>> #%PAM-1.0
>> auth       include      system-auth
>> account    include      system-auth
>> password   include      system-auth
>>
>> My system auth contains this:
>> auth        required      pam_env.so
>> auth        sufficient    pam_unix.so nullok try_first_pass
>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>> auth        sufficient    pam_winbind.so use_first_pass
>> auth        required      pam_deny.so
>> account     required      pam_unix.so broken_shadow
>> account     sufficient    pam_localuser.so
>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>> account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
>> account     required      pam_permit.so
>> password    requisite     pam_cracklib.so try_first_pass retry=3
>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
>> use_authtok
>> password    sufficient    pam_winbind.so use_authtok
>> password    required      pam_deny.so
>> session     optional      pam_keyinit.so revoke
>> session     required      pam_limits.so
>> session     [success=1 default=ignore] pam_succeed_if.so service in
>> crond quiet use_uid
>> session     required      pam_unix.so
>> session     required      pam_mkhomedir.so skel=/etc/skel umask=077
>>
>> SSH authentication with active directory accounts works just fine.
>> The usernames are formatted as DOMAIN+username. However, they do not
>> work with this application for some reason. The developer claims that
>> the formatting shouldn't be a problem with their app so I am double
>> checking here. When I try to auth with the application, I get this
>> in /var/log/secure:
>>
>> Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
>> check pass; user unknown
>> Jul 15 10:40:59 omadvdss01c DS-System[6827]: pam_unix(dssystem:auth):
>> authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
>> Jul 15 10:40:59 omadvdss01c DS-System[6827]:
>> pam_succeed_if(dssystem:auth): error retrieving information about user
>> DOMAIN+username
>>
>> Just to prove I can see that user, here is a 'getent passwd':
>> DOMAIN+username:*:15000:15019:User Name:/home/DOMAIN/username:/bin/bash
>>
>> Any ideas?
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/pam-list
>
> You haven't got nscd running have you? If you do, turn it off. It causes
> weird auth issues with Winbind.

Thanks for the response. No, I disable it.
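
Added example, not part of the original thread: a simplified Python model of Linux-PAM's required/requisite/sufficient control flags, applied to the auth lines of the quoted system-auth and to the module outcomes shown in the /var/log/secure excerpt. The function names and the two result maps are constructed for illustration, and the code does not call libpam.

```python
# Added example: simplified model of Linux-PAM control flags; does not call libpam.
# auth lines copied from the system-auth quoted in the thread.
AUTH_STACK = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
"""

def parse(stack_text, facility="auth"):
    """Return [(control, module)] for one facility, in stack order."""
    entries = []
    for line in stack_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, results):
    """Walk the stack; results maps module -> True (success) / False (failure).
    Returns (granted, modules_that_ran)."""
    required_failed = False
    ran = []
    for control, module in entries:
        ok = results[module]
        ran.append(module)
        if control == "requisite" and not ok:
            return False, ran            # fail at once, later modules never run
        if control == "required" and not ok:
            required_failed = True       # remember the failure, keep going
        if control == "sufficient" and ok and not required_failed:
            return True, ran             # success ends the stack early
    return not required_failed, ran

# Constructed outcomes matching the /var/log/secure excerpt: pam_unix reports
# "user unknown", pam_succeed_if cannot retrieve the user at all.
LOGGED = {"pam_env.so": True, "pam_unix.so": False,
          "pam_succeed_if.so": False, "pam_winbind.so": True, "pam_deny.so": False}
# Constructed contrast (assumption): the lookup works (uid 15000 >= 500) and
# winbind accepts the password, as the poster reports for SSH.
RESOLVED = dict(LOGGED, **{"pam_succeed_if.so": True})

if __name__ == "__main__":
    for name, outcome in (("logged", LOGGED), ("resolved", RESOLVED)):
        granted, ran = evaluate(parse(AUTH_STACK), outcome)
        print(name, "granted" if granted else "denied", "after", " -> ".join(ran))
```

With the logged outcomes, the requisite pam_succeed_if.so line ends the auth stack, so pam_winbind.so is never consulted for this service.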