18-Dec-2007, 03:45 PM
Mike Thompson
NNTP User
Posts: n/a
OES Linux & SAMBA & AD

Hi,

We've set up a test network which consists of a Win2k AD box and an OES 1
SP2 server.
The OES box has been added to the AD domain and at the login box it
displays AD accounts. We can also query the AD through the use of a
console command webinfo -u / -g.

But when logging on as an AD user the following errors are generated:

- PAM_NAM: user xxxxx unknown to the authentication module
- PAM_NAM: Pam_SM_Acct_Mgmt: Pam_SM_Acct_Mgmt called without prior authentication for user.

The server messages display:
Dec 18 20:30:34 kujo kdm: :0[12423]: PAM_NAM: User TOPTEST+iron man unknown to the authentication module
Dec 18 20:30:34 kujo pam_winbind[12423]: user 'TOPTEST+iron man' granted access
Dec 18 20:30:34 kujo kdm: :0[12423]: PAM_NAM: pam_sm_acct_mgmt: pam_sm_acct_mgmt called without prior authentication for user [TOPTEST+iron man]
Dec 18 20:30:34 kujo pam_winbind[12423]: user 'TOPTEST+iron man' granted access
Dec 18 20:30:34 kujo kdm: :0[12423]: Cannot execute startup script "/etc/X11/xdm/Xstartup"
Dec 18 20:30:36 kujo kernel: mtrr: type mismatch for d0000000,1000000 old: write-back new: write-combining
Dec 18 20:30:44 kujo /usr/sbin/namcd[9367]: findUserWithoutUIDAndGID: Return code from the search: [32]

The login PAM file looks like:
#%PAM-1.0
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so nullok use_first_pass
auth required pam_deny.so
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_unix2.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
#session sufficient pam_unix2.so none # debug or trace
session sufficient pam_limits.so

And the xdm PAM file:
#%PAM-1.0
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so use_first_pass nullok #set_secrpc
account sufficient pam_winbind.so
account required pam_unix2.so
password required pam_unix2.so #strict=false
session required pam_unix2.so debug # trace or none
session required pam_devperm.so
session required pam_resmgr.so

The idea is to allow users who have authenticated to AD to access the NSS
SAMBA-enabled shares.

Any suggestions would be appreciated.

Thanks.

Mike Thompson.
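
Added example, not part of the original post: a small walker over the auth and account lines of the posted login file, showing which modules are reached for a given set of module results. It assumes standard Linux-PAM semantics for the required/requisite/sufficient/optional flags; the function names and the module outcomes passed in are constructed for illustration.

```python
# Added example (not from the post): walk a PAM stack with Linux-PAM's
# simple control flags to see which modules are actually reached.
LOGIN_PAM = """\
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix2.so nullok use_first_pass
auth required pam_deny.so
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_unix2.so
"""  # auth/account lines copied from the login file in the post

def parse(text):
    """Return [(type, control, module)], ignoring comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rules.append(tuple(line.split()[:3]))
    return rules

def evaluate(rules, mtype, outcomes):
    """Walk one stack; return (granted, modules_run).
    outcomes maps module -> True/False and is a constructed input; unlisted
    modules are assumed to succeed, pam_deny.so always fails."""
    failed = positive = False
    ran = []
    for rtype, control, module in rules:
        if rtype != mtype:
            continue
        ok = module != "pam_deny.so" and outcomes.get(module, True)
        ran.append(module)
        if ok and control == "sufficient":
            if not failed:
                return True, ran      # short-circuit: rest of stack skipped
        elif ok:
            positive = True           # required/requisite/optional success
        elif control == "requisite":
            return False, ran         # immediate failure
        elif control == "required":
            failed = True             # remembered, but the stack continues
    return positive and not failed, ran

if __name__ == "__main__":
    rules = parse(LOGIN_PAM)
    for label, out in [("winbind succeeds", {}),
                       ("winbind and unix2 fail",
                        {"pam_winbind.so": False, "pam_unix2.so": False})]:
        print(label, evaluate(rules, "auth", out))
```

With pam_winbind.so succeeding, the auth walk stops after three modules, so pam_unix2.so, pam_deny.so and pam_nologin.so in that file are never consulted for that login.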

All times are GMT -6.


© 2007 Novell, Inc. All Rights Reserved.