
Re: Pam-list Digest, Vol 23, Issue 6



pam-list-request@xxxxxxxxxx wrote:

I'm feeling a bit stuck on this, so any suggestions gratefully received. I'm trying to set up a Linux-based IMAP server that will authenticate against users on a Windows 2003 SBS domain controller.
...
I have set the /etc/pam.d/imap very simply, similar to that discussed at <http://www.flatmtn.com/computer/Linux-Samba.html#Samba-2>:

#%PAM-1.0
auth       required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 debug

And I'm a bit unclear as to why similar configurations seem to be working for everyone else & not me...

Try this, it works for me with uw-imapd, so it should work for cyrus too. This is my /etc/pam.d/imap:

xxxx@wega:~# cat /etc/pam.d/imap
#%PAM-1.0
auth    sufficient      pam_winbind.so  unknown_ok
auth    required        pam_unix.so     use_first_pass
#
account sufficient      pam_winbind.so  unknown_ok
account required        pam_unix.so
#
session  required       pam_permit.so

Some notes: The option 'unknown_ok' is necessary to prevent pam_winbind
from returning failure if the user name cannot be verified via getpwnam(), although the authentication did succeed.

Please make sure your /etc/nsswitch.conf is set up correctly too:

xxxx@wega:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind
group:          files winbind
shadow:         files winbind

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Last but not least, you may wish to temporarily add a debug option to pam_winbind that will show you what's going on during authentication:

auth    sufficient      pam_winbind.so  unknown_ok debug

Now have a look at /var/log/auth.log.

By the way, did you check the basic operation of winbind anyway?

xxxx@wega:~ wbinfo -t
checking the trust secret via RPC calls succeeded

xxxx@wega:~ wbinfo -u

administrator
guest
dc1fm$
krbtgt
schindler
dopc00$
dopc02$
sirius$
...

Regards, Andreas
--
Dr.-Ing. Andreas Schindler

Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich

Telefon 06103-57187-21
Telefax 06103-373245

schindler@xxxxxx
www.az1.de


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
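
Added example, not part of the original message or of any project's own code: a shell script that statically checks the two files the reply discusses, /etc/pam.d/imap and /etc/nsswitch.conf, for pam_winbind.so in the auth and account stacks, the unknown_ok option, a debug option left enabled after troubleshooting, and winbind as a source for passwd and group. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks for the PAM/NSS setup discussed in this message.
# Strip comments and collapse a "[...]" control field into a single token.
pam_lines() { sed -e 's/#.*//' -e 's/\[[^]]*]/ctl/' "$1"; }

# True if stack $2 of PAM file $1 calls pam_winbind.so (with option $3, if given).
winbind_in_stack() {
    pam_lines "$1" | awk -v t="$2" -v opt="$3" '
        $1 == t && $3 ~ /pam_winbind\.so$/ {
            if (opt == "") ok = 1
            for (i = 4; i <= NF; i++) if ($i == opt) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# True if database $2 in nsswitch file $1 lists winbind as a source.
nss_has_winbind() {
    sed 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Print findings for PAM file $1 and nsswitch file $2; return the error count.
check_winbind_setup() {
    errs=0
    for t in auth account; do
        if ! winbind_in_stack "$1" "$t" ""; then
            echo "ERROR: $t stack does not call pam_winbind.so"; errs=$((errs + 1))
            continue
        fi
        winbind_in_stack "$1" "$t" unknown_ok ||
            echo "NOTE: $t: pam_winbind.so has no unknown_ok"
        if winbind_in_stack "$1" "$t" debug; then
            echo "WARN: $t: debug is still enabled on pam_winbind.so"
        fi
    done
    for db in passwd group; do
        nss_has_winbind "$2" "$db" ||
            { echo "ERROR: nsswitch '$db' lacks winbind"; errs=$((errs + 1)); }
    done
    return "$errs"
}
# Constructed sample: the reply's stack with debug left on, group: not updated.
d=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_winbind.so unknown_ok debug' \
    'auth required pam_unix.so use_first_pass' \
    'account sufficient pam_winbind.so unknown_ok' > "$d/imap"
printf '%s\n' 'passwd: files winbind' 'group: files' > "$d/nsswitch.conf"
check_winbind_setup "$d/imap" "$d/nsswitch.conf" || echo "errors: $?"
```

These are file checks only; the live tests from the message (wbinfo -t, wbinfo -u) still have to be run on the host itself.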
