I'm feeling a bit stuck on this, so any suggestions gratefully received. I'm trying to set up a Linux-based IMAP server that will authenticate against users on a Windows 2003 SBS domain controller....

I have set the /etc/pam.d/imap very simply, similar to that discussed at <http://www.flatmtn.com/computer/Linux-Samba.html#Samba-2>:

    #%PAM-1.0
    auth required /lib/security/pam_winbind.so
    account required /lib/security/pam_winbind.so
    session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 debug

And I'm a bit unclear as to why similar configurations seem to be working for everyone else & not me...

Try this, it works for me with uw-imapd, so it should work for cyrus too. This is my /etc/pam.d/imap:

    xxxx@wega:~# cat /etc/pam.d/imap
    #%PAM-1.0
    auth sufficient pam_winbind.so unknown_ok
    auth required pam_unix.so use_first_pass
    #
    account sufficient pam_winbind.so unknown_ok
    account required pam_unix.so
    #
    session required pam_permit.so

Some notes: The option 'unknown_ok' is necessary to prevent pam_winbind from returning failure if the user name cannot be verified via getpwnam(), although the authentication did succeed.

Please make sure your /etc/nsswitch.conf is set up correctly too:

    xxxx@wega:~# cat /etc/nsswitch.conf
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd: files winbind
    group: files winbind
    shadow: files winbind

    hosts: files dns
    networks: files

    protocols: db files
    services: db files
    ethers: db files
    rpc: db files

    netgroup: nis

Last not least you may wish to temporarily add a debug option to pam_winbind that will show you what's going on during authentication:

    auth sufficient pam_winbind.so unknown_ok debug

Now have a look at /var/log/auth.log.

By the way, did you check the basic operation of winbind anyway?

    xxxx@wega:~ wbinfo -t
    checking the trust secret via RPC calls succeeded
    xxxx@wega:~ wbinfo -u
    administrator
    guest
    dc1fm$
    krbtgt
    schindler
    dopc00$
    dopc02$
    sirius$
    ...

Regards,
Andreas

--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler@xxxxxx
www.az1.de

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
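
The two /etc/pam.d/imap files quoted in this thread differ mainly in their control flags. The following is an added example, not code from either poster or from Linux-PAM: a simplified Python model of the `required`, `requisite` and `sufficient` rules, run over both stacks. The module outcomes in `SCENARIOS` are constructed, and `parse`, `evaluate` and `compare` are hypothetical helper names.

```python
# Added example: simplified model of PAM control flags, not libpam itself.
REPLY_STACK = """\
#%PAM-1.0
auth sufficient pam_winbind.so unknown_ok
auth required pam_unix.so use_first_pass
account sufficient pam_winbind.so unknown_ok
account required pam_unix.so
session required pam_permit.so
"""
ORIGINAL_STACK = """\
#%PAM-1.0
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 debug
"""

def parse(text, mtype):
    """Return [(control, module)] for one module type, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """outcomes: module -> True (PAM_SUCCESS) or False; unknown modules fail."""
    failed_required = any_success = False
    for control, module in stack:
        ok = outcomes.get(module, False)
        if control == "requisite" and not ok:
            return False                  # fail at once, stop the stack
        if control == "required" and not ok:
            failed_required = True        # remember the failure, keep going
        if control == "sufficient" and ok and not failed_required:
            return True                   # success, rest of stack is skipped
        if ok and control != "sufficient":
            any_success = True            # a failed 'sufficient' is just ignored
    return any_success and not failed_required

# Constructed outcomes: what each module would report for three kinds of login.
SCENARIOS = {
    "domain user, good password": {"pam_winbind.so": True, "pam_unix.so": False},
    "local user, good password": {"pam_winbind.so": False, "pam_unix.so": True},
    "any user, bad password": {"pam_winbind.so": False, "pam_unix.so": False},
}

def compare(mtype="auth"):
    """Map scenario -> (result with original stack, result with reply stack)."""
    return {name: (evaluate(parse(ORIGINAL_STACK, mtype), o),
                   evaluate(parse(REPLY_STACK, mtype), o))
            for name, o in SCENARIOS.items()}
```

In this model only the stack from the reply admits a local account through pam_unix, and neither stack returns success when every module fails.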