Date: Wed, 23 Nov 2005 10:17:06 -0800
From: "Brian E. Conklin" <bconklin@masongeneral.com>
To: "Jim Hatfield" <subscriber@insignia.com>, <freebsd-questions@freebsd.org>
Subject: RE: Correct configuration of pam_winbind.so for login using AD accounts
Message-ID: <CA513920FC73A14B964AB258D77EA8D6A448C2@mx1.masongeneral.com>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Jim Hatfield
> Sent: Wednesday, November 23, 2005 8:33 AM
> To: freebsd-questions@freebsd.org
> Subject: Correct configuration of pam_winbind.so for login
> using AD accounts
>
>
> I'm using a newly-installed FBSD 6 system to experiment with
> Single Sign-On to an Active Directory network.
>
> Samba is installed, the machine is joined to the domain, winbind
> seems to work fine, wbinfo -u lets me enumerate users OK.
>
> I'm trying to work out how to edit the files in /etc/pam.d to get
> pam_winbind to let me log on to the console using an AD account.
> Most of the Samba docs seem to be Linux-specific and the sample
> pam files don't match the ones in the FBSD 6 system.

Take a look at http://web.irtnog.org/howtos/freebsd/winbind

>
> What I did was to edit /etc/pam.d/login:
>
> add "auth sufficient pam_winbind.so" as the
> penultimate line of the auth section, and the same
> in the account section.
>
> If I try to log in as an AD user on the console I get this in
> /var/log/messages:
>
> >Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
> >Nov 23 15:30:36 speyburn pam_winbind[1330]: user 'INTERNAL+jhatfield' granted access
> >Nov 23 15:30:36 speyburn winbindd[1324]: [2005/11/23 15:30:36, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
> >Nov 23 15:30:36 speyburn winbindd[1324]: rpc_pipe_bind failed
> >Nov 23 15:30:37 speyburn winbindd[1324]: [2005/11/23 15:30:37, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
> >Nov 23 15:30:37 speyburn winbindd[1324]: rpc_pipe_bind failed
> >Nov 23 15:30:37 speyburn login[1331]: setlogin(INTERNAL+jhatfield): Invalid argument - exiting
>
> So I'm close but not there yet.
>
> As an aside, I'm confused as to the difference between what
> pam_winbind offers and what nss_winbind offers - I would have thought
> either of them would be adequate to provide login access.
>

======================================================================
Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
======================================================================