i did not switch the order, but i read of use_first_pass which i also inserted - i had two times to fill in my password. As authentication works within the networkbrowser i have to use: DOMAIN\user (not the plus, and domain all in Uppercase) everything else did not work...at least for me! btw. its clear that the nautilus-network-browser works, he authenticates via smbclient or so...that why you can't mount those directories there. > to, 2003-12-11 kello 09:36, Grosswiler Roger kirjoitti: >> do i guess right, that i have to put the entry in the following: >> >> auth required /lib/security/$ISA/pam_env.so >> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok >> auth sufficient /lib/security/$ISA/pam_winbind.so >> auth required /lib/security/$ISA/pam_deny.so >> >> so it should work?? >> > It should but it would ask your password two times. Switch the order of > pam_winbind and pam_unix lines and then add use_first_pass to the > pam_unix.so-line. > > In my experience it would still not work, probably. GDM will still not > let you in, at least not the way it used to work wit older versions. > > What I get after that is: > Dec 11 09:38:56 humbata pam_winbind[18729]: user 'ntdomain1+mauris' > granted acces > Dec 11 09:38:56 humbata gdm-binary[18729]: Ei voitu asettaa > tunnustietojen hallintaa ntdomain1+mauris:lle > > Where the latter roughly translates to: Unable to set authentication > management to ntdomain1+mauris. > > As I write this, I notice that ntdomain1+mauris is written all > lowercase. Perhaps I should try NTDOMAIN1+Mauris which probably is the > correct syntax... > >> >> > On Wed, Dec 10, 2003 at 08:37:13AM +0100, Grosswiler Roger wrote: >> >> i sucessfully did my net rpc join from my linux-clients, so they are >> in >> >> the samba-domain. >> >> >> >> But: how do i login into my domain if i am on the login into linux? i >> >> thought must be the form DOMAIN\user nevertheless what you defined in >> >> winbind. But, i always get the message "Username or Password wrong". >> >> >> >> 1) What am i doing false here? >> >> >> >> If i login as a regular user, i can go into the >> >> nautilus-network-browswer, >> >> where i can see my domain and (after a login) the machines inside. >> But i >> >> have no mountpoints there. >> > >> > The 'login' program (or gdm, or kdm, or xdm, or whatever) probably >> > doesn't know who the user is. Check that 'winbind' is listed in >> > /etc/nsswitch.conf on the lines for 'passwd', 'group'. >> > >> > You can run 'wbinfo -u' to check that winbind can read information >> about >> > your users from your domain controller, and run 'getent passwd' to >> check >> > if libc (and applications which use it, which is all of them, >> including >> > the application which is trying to authenticate you) can read >> > information about those users from the sources listed in >> > /etc/nsswitch.conf (which should include 'winbind'). >> > >> > That done, you'll want to configure login and other applications to >> > authenticate users using winbind by adding a line >> > auth sufficient pam_winbind.so >> > to /etc/pam.d/system-auth, just under the line which reads >> > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok >> > >> > To finish up, you'll need to make sure that the user has a home >> > directory for gdm, kdm, and the like, but logging in at the console >> > should work at this point, even if the user doesn't have a home >> > directory. >> > >> > HTH, >> > >> > Nalin >> > >> > >> > -- >> > fedora-list mailing list >> > fedora-list@xxxxxxxxxx >> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >> > >> >> >> -- >> fedora-list mailing list >> fedora-list@xxxxxxxxxx >> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list > -- > Mauri "mos" Sahlberg Pretax Systems Oy +358 207 44 2228 > Technology Evangelist Pääskylänrinne 8 +358 207 44 2201 > Bsc Computer Science FIN-00500 Helsinki www.pretax.net > Development Manager Finland > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
