Re: Samba - how to put into domain and authenticate (once again)

[Mauri Sahlberg <Mauri.Sahlberg@xxxxxxxxxxxxxxxx>]

Hi again,

to, 2003-12-11 kello 10:24, Mauri Sahlberg kirjoitti:
> to, 2003-12-11 kello 09:36, Grosswiler Roger kirjoitti:
> > do i guess right, that i have to put the entry in the following:
> > 
> > auth        required      /lib/security/$ISA/pam_env.so
> > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> > auth        sufficient    /lib/security/$ISA/pam_winbind.so
> > auth        required      /lib/security/$ISA/pam_deny.so
> > 
> > so it should work??
> > 
> It should but it would ask your password two times. Switch the order of
> pam_winbind and pam_unix lines and then add use_first_pass to the
> pam_unix.so-line.
> 
> In my experience it would still not work, probably. GDM will still not
> let you in, at least not the way it used to work wit older versions.
> 
> What I get after that is:
> Dec 11 09:38:56 humbata pam_winbind[18729]: user 'ntdomain1+mauris'
> granted acces
> Dec 11 09:38:56 humbata gdm-binary[18729]: Ei voitu asettaa
> tunnustietojen hallintaa ntdomain1+mauris:lle
> 
> Where the latter roughly translates to: Unable to set authentication
> management to ntdomain1+mauris. 
> 
> As I write this, I notice that ntdomain1+mauris is written all
> lowercase. Perhaps I should try NTDOMAIN1+Mauris which probably is the
> correct syntax... 
> 

I tried with different combinations. The correct syntax for my NTDOMAIN1
username seems to be: NTDOMAIN1+MauriS but gdm will not let me in with
it. Normal login and ssh do.

Dec 11 10:32:51 humbata pam_winbind[18729]: user 'NTDOMAIN1+MauriS'
granted acces
Dec 11 10:32:51 humbata gdm-binary[18729]: Ei voitu asettaa
tunnustietojen hallintaa NTDOMAIN1+MauriS:lle


id NTDOMAIN1+MauriS
uid=10000(NTDOMAIN1+MauriS) gid=10000(NTDOMAIN1+Domain Users)
ryhmät=10000(NTDOMAIN1+Domain Users),10001(NTDOMAIN1+Domain Admins)

id NTDOMAIN1+Mauris
uid=10000(NTDOMAIN1+MauriS) gid=10000(NTDOMAIN1+Domain Users)
ryhmät=10000(NTDOMAIN1+Domain Users)

Two different users!? but both are able to login with ssh with same
password. Problems arise when the latter tries to use sudo or get mapped
to local groups as the sudo and groups file are case sensitive. Neither
can log in thru gdm. 

Any guesses what I should change to get gdm to work as well.
-- 
Mauri "mos" Sahlberg	Pretax Systems Oy	+358 207 44 2228
Technology Evangelist	Pääskylänrinne 8	+358 207 44 2201
Bsc Computer Science	FIN-00500 Helsinki	www.pretax.net
Development Manager	Finland