Hi Mauri,

That's what I got from Nalin from Red Hat:

To finish up, you'll need to make sure that the user has a home directory for gdm, kdm, and the like, but logging in at the console should work at this point, even if the user doesn't have a home directory.

And that's how I tried to resolve this problem (but still not so far, as I still cannot authenticate), so I hope this will work:

winbind separator = -
idmap uid = 20000-30000 -> do they have to match linux-users?
winbind gid = 20000-30000 -> do they have to match linux-groups?
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
template homedir = /user/%U -> the homedir
template shell = /bin/bash -> and a shell

Do you know whether the idmap uid and winbind gid numbers have to match the linux-group numbers??

I feel like the first rookie on this planet, as I still do not understand why winbind has to run on clients too, if I tell Fedora to authenticate at MYDOMAIN at SERVER. I have activated this using redhat-config-authentication and just checked Samba-Auth and entered DOMAIN and SERVER.

Btw, if I just enter the winbind.so after the pam-unix.so in system-auth and just add use_first_pass on pam-unix.so, I get funny messages in the log:

Dec 11 10:24:22 morpheus sshd(pam_unix)[26344]: check pass; user unknown
Dec 11 10:24:22 morpheus pam_winbind[26344]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Dec 11 10:24:22 morpheus pam_winbind[26344]: internal module error (retval = 4, user = `NOUSER'
Dec 11 10:24:26 morpheus sshd(pam_unix)[26344]: check pass; user unknown
Dec 11 10:24:26 morpheus pam_winbind[26344]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Dec 11 10:24:26 morpheus pam_winbind[26344]: internal module error (retval = 4, user = `NOUSER'
Dec 11 10:24:28 morpheus sshd(pam_unix)[26344]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=trinity

If there is NOUSER, I tried to authenticate with GWCH-roger (via ssh....), and here if I log in without indication of the domain...

Dec 11 10:25:03 morpheus su(pam_unix)[26393]: authentication failure; logname=roger uid=500 euid=0 tty= ruser=roger rhost= user=root
Dec 11 10:25:06 morpheus pam_winbind[26393]: request failed: Unexpected information received, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER

...strange...

> Hi again,
>
> On Thu, 2003-12-11 at 10:24, Mauri Sahlberg wrote:
>> On Thu, 2003-12-11 at 09:36, Grosswiler Roger wrote:
>> > Do I guess right, that I have to put the entry in the following:
>> >
>> > auth required /lib/security/$ISA/pam_env.so
>> > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
>> > auth sufficient /lib/security/$ISA/pam_winbind.so
>> > auth required /lib/security/$ISA/pam_deny.so
>> >
>> > so it should work??
>> >
>> It should but it would ask your password two times. Switch the order of
>> pam_winbind and pam_unix lines and then add use_first_pass to the
>> pam_unix.so-line.
>>
>> In my experience it would still not work, probably. GDM will still not
>> let you in, at least not the way it used to work with older versions.
>>
>> What I get after that is:
>> Dec 11 09:38:56 humbata pam_winbind[18729]: user 'ntdomain1+mauris' granted acces
>> Dec 11 09:38:56 humbata gdm-binary[18729]: Ei voitu asettaa tunnustietojen hallintaa ntdomain1+mauris:lle
>>
>> Where the latter roughly translates to: Unable to set authentication
>> management to ntdomain1+mauris.
>>
>> As I write this, I notice that ntdomain1+mauris is written all
>> lowercase. Perhaps I should try NTDOMAIN1+Mauris which probably is the
>> correct syntax...
>>
>
> I tried with different combinations. The correct syntax for my NTDOMAIN1
> username seems to be: NTDOMAIN1+MauriS but gdm will not let me in with
> it. Normal login and ssh do.
>
> Dec 11 10:32:51 humbata pam_winbind[18729]: user 'NTDOMAIN1+MauriS' granted acces
> Dec 11 10:32:51 humbata gdm-binary[18729]: Ei voitu asettaa tunnustietojen hallintaa NTDOMAIN1+MauriS:lle
>
> id NTDOMAIN1+MauriS
> uid=10000(NTDOMAIN1+MauriS) gid=10000(NTDOMAIN1+Domain Users) ryhmät=10000(NTDOMAIN1+Domain Users),10001(NTDOMAIN1+Domain Admins)
>
> id NTDOMAIN1+Mauris
> uid=10000(NTDOMAIN1+MauriS) gid=10000(NTDOMAIN1+Domain Users) ryhmät=10000(NTDOMAIN1+Domain Users)
>
> Two different users!? But both are able to login with ssh with same
> password. Problems arise when the latter tries to use sudo or get mapped
> to local groups as the sudo and groups file are case sensitive. Neither
> can log in thru gdm.
>
> Any guesses what I should change to get gdm to work as well?
> --
> Mauri "mos" Sahlberg    Pretax Systems Oy    +358 207 44 2228
> Technology Evangelist   Pääskylänrinne 8     +358 207 44 2201
> Bsc Computer Science    FIN-00500 Helsinki   www.pretax.net
> Development Manager     Finland
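
Added example, not part of the original thread: a Python script that scans pam_winbind "granted" lines for accounts that authenticated under more than one capitalisation, the situation the `id` output in the quoted message shows, and lists the spellings that would miss an exact-match sudoers or group entry. The log lines are constructed in the syslog format quoted in the thread; the function names, the extra user and the authorized-name list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Dec 11 10:32:51 humbata pam_winbind[18729]: user 'NTDOMAIN1+MauriS' granted acces
Dec 11 10:40:02 humbata pam_winbind[18801]: user 'NTDOMAIN1+Mauris' granted acces
Dec 11 10:41:15 humbata pam_winbind[18850]: user 'ntdomain1+mauris' granted access
Dec 11 10:45:30 humbata pam_winbind[18902]: user 'NTDOMAIN1+roger' granted access
Dec 11 10:46:00 humbata sshd(pam_unix)[18910]: check pass; user unknown
"""

# Accept both "acces" (as logged in the thread) and "access".
GRANT_RE = re.compile(r"pam_winbind\[\d+\]: user '([^']+)' granted access?\s*$")


def granted_users(log_text):
    """Yield the username from every pam_winbind 'granted' line, in order."""
    for line in log_text.splitlines():
        match = GRANT_RE.search(line)
        if match:
            yield match.group(1)


def case_variants(log_text):
    """Map casefolded name -> sorted spellings, kept only if more than one was used."""
    seen = defaultdict(set)
    for name in granted_users(log_text):
        seen[name.casefold()].add(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


def exact_match_misses(variants, authorized_names):
    """Spellings that authenticated but differ from the spelling used in a
    case-sensitive file (sudoers, /etc/group) for the same account."""
    authorized = {name.casefold(): name for name in authorized_names}
    misses = []
    for key, spellings in variants.items():
        if key in authorized:
            misses += [s for s in spellings if s != authorized[key]]
    return sorted(misses)


if __name__ == "__main__":
    variants = case_variants(SAMPLE_LOG)
    for key, spellings in variants.items():
        print(f"{key}: authenticated as {', '.join(spellings)}")
    # Hypothetical sudoers entry written for the spelling winbind reports.
    print(exact_match_misses(variants, ["NTDOMAIN1+MauriS"]))
```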