FreeBSD 6.1 PAM Configuration Problem
Michael K. Smith - Adhost
mksmith at adhost.com
Thu Nov 9 16:09:37 UTC 2006
Hello All:

I've posted this to the Samba list with no success and I'm hoping
someone here will have experience with this configuration. We're using
Winbind to authenticate against an Active Directory and it works
perfectly *if* the user is in the local password database. If the user
is not, then it fails.

We want to have the authentication credentials be accepted from the AD,
bypassing the local password database. Although it may be a problem
internal to pam_winbind.so, I'm hoping it's just a configuration glitch
on my end. I've attached a copy of my sshd PAM configuration. If
anyone can shed light on this issue it would be greatly appreciated.

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth required pam_nologin.so no_warn
auth sufficient /usr/local/samba/lib/pam_winbind.so
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass

# account
#account required pam_krb5.so
account required /usr/local/samba/lib/pam_winbind.so
account required pam_login_access.so
account required pam_unix.so try_first_pass

# session
#session optional pam_ssh.so
session required /usr/local/lib/pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_permit.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password sufficient /usr/local/samba/lib/pam_winbind.so try_first_pass
password required pam_unix.so no_warn try_first_pass

Regards,
Mike
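
The following is an added example, not part of the original post or of any project's code: a simplified Python model of the required/requisite/sufficient control flags, walked over the auth and account rules posted above. The per-module outcomes in AD_ONLY are hypothetical inputs chosen for illustration (an account known to winbind but not to pam_unix), not results observed on the poster's system.

```python
# Added example: simplified model of PAM control flags, run over the posted stack.
STACK = """\
auth required pam_nologin.so no_warn
auth sufficient /usr/local/samba/lib/pam_winbind.so
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
account required /usr/local/samba/lib/pam_winbind.so
account required pam_login_access.so
account required pam_unix.so try_first_pass
"""

def parse(text):
    """Return (facility, control, module basename, args) for each active rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            facility, control, module, *args = line.split()
            rules.append((facility, control, module.rsplit("/", 1)[-1], args))
    return rules

def evaluate(rules, facility, outcomes):
    """Walk one facility's chain; outcomes maps module name -> assumed result."""
    failed, trace = False, []
    for fac, control, module, _ in rules:
        if fac != facility:
            continue
        ok = outcomes[module]
        trace.append((module, control, ok))
        if ok and control == "sufficient" and not failed:
            return True, trace        # chain ends here with success
        if not ok and control in ("required", "requisite"):
            failed = True             # a failing sufficient rule is ignored
            if control == "requisite":
                break                 # requisite failure ends the chain at once
    return not failed, trace

# Hypothetical outcomes for an AD-only account (assumed inputs, not observed results)
AD_ONLY = {"pam_nologin.so": True, "pam_winbind.so": True, "pam_opie.so": False,
           "pam_opieaccess.so": True, "pam_login_access.so": True, "pam_unix.so": False}

if __name__ == "__main__":
    rules = parse(STACK)
    for facility in ("auth", "account"):
        result, trace = evaluate(rules, facility, AD_ONLY)
        print(facility, "->", "success" if result else "failure")
        for module, control, ok in trace:
            print("   ", control, module, "ok" if ok else "fail")
```

Under these assumed outcomes the auth chain stops with success at pam_winbind.so, while the account chain, where every rule is required, fails on its last rule.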