Re: winbind

> Do you have an entry in /etc/pam.d/login like this:
>
> session    optional     /lib/security/pam_mkhomedir.so
>
> You may need to rebuild it to create directories in /home/DOMAIN/user.
> I had to rebuild it to allow selection of creating a local /home
> directory or a network mounted directory.  It shouldn't be too hard.

What I had (still do, but you'll catch the drift of the past tense in a
moment) was:

session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022

However, since posting, I've continued to search the internet for clues on
how to proceed, and came across this useful link:

http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_RH7.3.htm

I had done much of what is described in this document, but there were a
couple of new twists.  First, the following was the recommended system-auth
file:

auth        sufficient    pam_winbind.so  <---NOTE
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so

account     sufficient    pam_winbind.so  <---NOTE
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      pam_mkhomedir.so umask=0022 <---NOTE
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

-----------------

I was puzzled by the lack of a full path on the three added lines, and am
not sure if that is significant.  But I made these changes exactly as
written, and lo and behold, it worked.

There was one other change I made on the basis of this document:

ln -s /etc/rc.d/init.d/winbind /etc/rc.d/rc5.d/S92winbind

but I don't think that had anything to do with why it now works.

Finally, FWIW, I STILL have the following login file:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    optional     /lib/security/pam_console.so

I assume that system-auth overrides login.  Can I get rid of the
pam_winbind.so and pam_mkhomedir.so from this file now?

-Basil
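
An added example, not part of the original message: a small Python check that flattens the login file by expanding each pam_stack.so service=system-auth line into the same-type rules of system-auth, then reports modules that end up running twice in one management group. The function names are hypothetical, and the expansion rule (pam_stack.so runs the named service's rules of the same type) is the assumption it rests on.

```python
import os

# Constructed sample: the files quoted in the message (wrapped lines rejoined, NOTE markers and password rules dropped).
FILES = {"system-auth": """\
auth        sufficient    pam_winbind.so
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
account     sufficient    pam_winbind.so
account     required      /lib/security/pam_unix.so
session     required      pam_mkhomedir.so umask=0022
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
""", "login": """\
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session    optional     /lib/security/pam_console.so
"""}

def effective(service, files, seen=()):
    """Flatten a service file into [(type, module, origin file)], expanding pam_stack.so."""
    if service in seen:
        raise ValueError("pam_stack loop at " + service)
    out = []
    for line in files[service].splitlines():
        f = line.split("#", 1)[0].split()      # drop comments, split into fields
        if len(f) < 3:
            continue
        typ, mod = f[0], os.path.basename(f[2])  # bare and full-path module names compare equal
        sub = [a.split("=", 1)[1] for a in f[3:] if a.startswith("service=")]
        if mod == "pam_stack.so" and sub:
            out += [r for r in effective(sub[0], files, seen + (service,)) if r[0] == typ]
        else:
            out.append((typ, mod, service))
    return out

def duplicates(service, files):
    """Return {(type, module): [origin files]} for modules run more than once per type."""
    hits = {}
    for typ, mod, origin in effective(service, files):
        hits.setdefault((typ, mod), []).append(origin)
    return {k: v for k, v in hits.items() if len(v) > 1}

print(duplicates("login", FILES))
```

On this input the account pam_winbind.so and session pam_mkhomedir.so entries are each reached twice, once from login directly and once through system-auth.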






-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
