I'm feeling a bit stuck on this, so any suggestions gratefully received. I'm trying to set up a Linux-based IMAP server that will authenticate against users on a Windows 2003 SBS domain controller.
I have set the /etc/pam.d/imap very simply, similar to that discussed at <http://www.flatmtn.com/computer/Linux-Samba.html#Samba-2>:

auth       required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022 debug

And I'm a bit unclear as to why similar configurations seem to be working for everyone else & not me...

Try this, it works for me with uw-imapd, so it should work for cyrus too. This is my /etc/pam.d/imap:

xxxx@wega:~# cat /etc/pam.d/imap
auth    sufficient      pam_winbind.so  unknown_ok
auth    required        pam_unix.so     use_first_pass
account sufficient      pam_winbind.so  unknown_ok
account required        pam_unix.so
session  required       pam_permit.so

Some notes: The option 'unknown_ok' is necessary to prevent pam_winbind
from returning failure if the user name cannot be verified via getpwnam(), although the authentication did succeed.

Please make sure your /etc/nsswitch.conf is set up correctly too:

xxxx@wega:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind
group:          files winbind
shadow:         files winbind

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Last but not least, you may wish to temporarily add a debug option to pam_winbind that will show you what's going on during authentication:

auth    sufficient      pam_winbind.so  unknown_ok debug

Now have a look at /var/log/auth.log.

By the way, did you check the basic operation of winbind anyway?

xxxx@wega:~ wbinfo -t
checking the trust secret via RPC calls succeeded

xxxx@wega:~ wbinfo -u


Regards, Andreas
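
A static check of the two files discussed in this thread, as an added example that is not part of either post: it confirms that passwd and group in nsswitch.conf list winbind, that the PAM service file loads pam_winbind.so for auth and account, and flags a debug option left on after troubleshooting. The function names are hypothetical, and it assumes plain control keywords (required, sufficient) as used above, not bracketed controls.

```shell
#!/bin/sh
# Added example: preflight for a pam_winbind + nsswitch setup.
# All function names are hypothetical; file paths are passed in as arguments.
# Assumes PAM lines of the form "type control module [options]" with a
# single-word control field, as in the configurations shown in this thread.

# nss_has_winbind FILE DB -> 0 if DB's source list contains "winbind"
nss_has_winbind() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# pam_has_winbind FILE TYPE -> 0 if a TYPE line (auth, account) loads pam_winbind.so
pam_has_winbind() {
    awk -v t="$2" '
        /^[ \t]*#/ { next }
        $1 == t && $3 ~ /(^|\/)pam_winbind\.so$/ { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# pam_debug_enabled FILE -> 0 if any pam_winbind line still carries "debug"
pam_debug_enabled() {
    awk '
        /^[ \t]*#/ { next }
        $3 ~ /(^|\/)pam_winbind\.so$/ { for (i = 4; i <= NF; i++) if ($i == "debug") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# check_winbind_setup PAM_FILE NSS_FILE -> prints findings, returns problem count
check_winbind_setup() {
    problems=0
    for db in passwd group; do
        nss_has_winbind "$2" "$db" || { echo "FAIL: $db in $2 lacks winbind"; problems=$((problems + 1)); }
    done
    for t in auth account; do
        pam_has_winbind "$1" "$t" || { echo "FAIL: no $t line for pam_winbind.so in $1"; problems=$((problems + 1)); }
    done
    pam_debug_enabled "$1" && echo "NOTE: pam_winbind debug is still enabled in $1"
    return "$problems"
}

# Stand-alone use: sh check.sh /etc/pam.d/imap /etc/nsswitch.conf
if [ "$#" -eq 2 ]; then check_winbind_setup "$1" "$2"; fi
```

A clean result only says the files are wired up; the `wbinfo -t` trust check above is still needed to confirm winbind can reach the domain controller.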
