Re: winbind


On Wed Oct 30 2002 at 15:50, "Basil L. Copeland Jr." wrote:

> > Do you have an entry in /etc/pam.d/login like this:
> >
> > session    optional     /lib/security/pam_mkhomedir.so

The full pathname is not necessary; PAM uses /lib/security by
default.

> http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_RH7.3.htm
> 
> I had done much of what is described in this document, but there were a
> couple of new twists.  First, the following was the recommended system-auth
> file:
> 
> auth        sufficient    pam_winbind.so  <---NOTE
> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
> auth        required      /lib/security/pam_deny.so
> 
> account     sufficient    pam_winbind.so  <---NOTE
> account     required      /lib/security/pam_unix.so
> 
> password    required      /lib/security/pam_cracklib.so retry=3 type=
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password    required      /lib/security/pam_deny.so
> 
> session     required      pam_mkhomedir.so umask=0022 <---NOTE
> session     required      /lib/security/pam_limits.so
> session     required      /lib/security/pam_unix.so
> 
> -----------------
> 
> I was puzzled by the lack of a full path on the three added lines, and am
> not sure if that is significant.  But I made these changes exactly as
> written, and lo and behold, it worked.

Not surprised :)

> There was one other change I made on the basis of this document:
> 
> ln -s /etc/rc.d/init.d/winbind /etc/rc.d/rc5.d/S92winbind
> 
> but I don't think that had anything to do with why it now works.

The daemon should be running.

> Finally, FWIW, I STILL have the following login file:
> 
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    sufficient   /lib/security/pam_winbind.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
> session    optional     /lib/security/pam_console.so
> 
> I assume that system-auth overrides login.

Not exactly, pam login will use the settings in system-auth.

> Can I get rid of the
> pam_winbind.so and pam_mkhomedir.so from this file now?

Yes.

BTW, do you have winbind as a preferred option in your
/etc/nsswitch.conf file for passwd and group?  IIRC, that's another
piece of the puzzle (it has been a while since I read the howto, but
that's the definitive document... I set up winbind on a box I no
longer administer a while ago, so the details have become a little
hazy.  But it wasn't difficult to enable it).

> -Basil

Cheers
Tony



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
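
The reply above says login uses the settings in system-auth, so the pam_winbind.so and pam_mkhomedir.so lines left in login are redundant. The following is an added example, not part of the original message, that checks this by flattening the pam_stack includes and resolving bare module names against /lib/security. The function names are hypothetical and the input is the two files quoted in the thread, with wrapped lines rejoined.

```python
DEFAULT_DIR = "/lib/security"  # default module directory, per the reply above
# Constructed input: the two files quoted in the thread, wrapped lines rejoined.
SERVICES = {"system-auth": """
auth     sufficient pam_winbind.so
auth     required   /lib/security/pam_env.so
auth     sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
auth     required   /lib/security/pam_deny.so
account  sufficient pam_winbind.so
account  required   /lib/security/pam_unix.so
password required   /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required   /lib/security/pam_deny.so
session  required   pam_mkhomedir.so umask=0022
session  required   /lib/security/pam_limits.so
session  required   /lib/security/pam_unix.so
""", "login": """
#%PAM-1.0
auth     required   /lib/security/pam_securetty.so
auth     required   /lib/security/pam_stack.so service=system-auth
auth     required   /lib/security/pam_nologin.so
account  sufficient /lib/security/pam_winbind.so
account  required   /lib/security/pam_stack.so service=system-auth
password required   /lib/security/pam_stack.so service=system-auth
session  required   /lib/security/pam_stack.so service=system-auth
session  required   /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session  optional   /lib/security/pam_console.so
"""}

def parse(text):
    """Yield (type, control, absolute module path, args) for each rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) >= 3:
            mtype, control, module, *args = fields
            # A bare module name resolves to the default module directory.
            module = module if module.startswith("/") else f"{DEFAULT_DIR}/{module}"
            yield mtype, control, module, args

def expand(service, seen=()):
    """Flatten a service into (type, module) pairs, following pam_stack includes."""
    for mtype, control, module, args in parse(SERVICES[service]):
        target = next((a[8:] for a in args if a.startswith("service=")), None)
        if module.endswith("/pam_stack.so") and target in SERVICES and target not in seen:
            # pam_stack pulls in only the rules of the same management group.
            yield from (r for r in expand(target, seen + (service,)) if r[0] == mtype)
        else:
            yield mtype, module

def duplicates(service):  # (type, module) pairs appearing more than once
    keys = list(expand(service))
    return sorted({k for k in keys if keys.count(k) > 1})
```

Calling `duplicates("login")` returns the account pam_winbind.so and session pam_mkhomedir.so entries, the two lines the thread identifies as removable from login.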
