Hi,

I'm trying to set up a file server and I'm having problems authenticating users in Active Directory on the new Linux file server.

Here's what's going on.

I had added the system to Active Directory. Winbind trusts the system server that it's authenticating against, and it looks like my problem lies in my /etc/pam.d/login and my /etc/pam.d/system-auth files. (I'm not editing the gdm file yet, because I want to wait until I can log in first with Active Directory passwords before I work on getting GDM to work.)

Here are my /etc/pam.d/login and my /etc/pam.d/system-auth files:

#system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

#login file
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth sufficient /lib/security/pam_krb5.so use_first_pass
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_ck_connector.so

asked 21 Jul '10, 08:08

Joe 1

OK. Trying to post this a little more clearly.

**This is my system-auth file**

auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

**This is my login file**

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth sufficient /lib/security/pam_krb5.so use_first_pass
auth include system-auth

account required pam_nologin.so
account include system-auth

password include system-auth

session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_ck_connector.so

answered 21 Jul '10, 08:19

Joe 2

I'm fairly certain you have to add pam_ldap to the list.

password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

Are you using OpenLDAP to communicate with your AD server?

answered 21 Jul '10, 12:25

rfelsburg ♦
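
As an added illustration (not code from either poster), this Python sketch walks the auth stack of the system-auth file posted above with simplified PAM control-flag semantics and reports which module decides the outcome. The per-module results and the VARIANT stack, which places the answer's pam_ldap.so in the auth stack as a stand-in for a directory-backed module, are assumptions.

```python
# Added example: simplified walk of a PAM "auth" stack. Models only required /
# requisite / sufficient / optional; [value=action] and "include" are not handled.
SYSTEM_AUTH = """\
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""
# Constructed variant (assumption): a directory-backed module, with the
# answer's pam_ldap.so as the stand-in, placed just before pam_deny.so.
VARIANT = SYSTEM_AUTH.replace(
    "auth required pam_deny.so",
    "auth sufficient pam_ldap.so use_first_pass\nauth required pam_deny.so")

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == facility:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, results):
    """results maps module name -> True (success) / False (failure).
    Returns (granted, deciding_module); the module is None on a clean pass."""
    failed_by = None
    for control, module in stack:
        ok = results[module]
        if control == "sufficient":
            if ok and failed_by is None:
                return True, module               # stop here: granted
        elif control == "requisite":
            if not ok:
                return False, failed_by or module  # stop here: denied
        elif control == "required":
            if not ok and failed_by is None:
                failed_by = module                # remember it, keep walking
        elif control != "optional":
            raise ValueError(f"unsupported control: {control}")
    return failed_by is None, failed_by

# Assumed outcomes for a directory-only account with uid >= 500: it is not in
# /etc/shadow, so pam_unix fails; pam_deny always fails.
AD_USER = {"pam_env.so": True, "pam_fprintd.so": False, "pam_unix.so": False,
           "pam_succeed_if.so": True, "pam_deny.so": False, "pam_ldap.so": True}

if __name__ == "__main__":
    for name, text in (("as posted", SYSTEM_AUTH), ("variant", VARIANT)):
        print(name, evaluate(parse(text), AD_USER))
```

With these assumed results the stack as posted ends at pam_deny.so, because no module before it can vouch for an account that pam_unix.so does not know.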

Asked: 21 Jul '10, 08:08

Seen: 31,086 times

Last updated: 17 Mar '11, 00:22