I've been messing with this since Sunday, at least in my free time. I cannot for the life of me manage to log in locally to a test machine via Kerberos authentication.
I can log in via ssh, and I can sudo when logged in via ssh. I can use getent to see AD accounts, and wbinfo shows me users and groups as well. I can even allow AD accounts access to Samba shares... but I cannot log in locally if I'm sitting in front of the machine.
I've essentially copied the PAM login settings off the wiki article. Someone tell me if there's something else useful for me to post; I'm sure I'm missing some dumb thing somewhere.
But here's the /etc/pam.d/login:
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth sufficient pam_unix.so nullok
auth required pam_winbind.so use_first_pass use_authtok
auth required pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account sufficient pam_unix.so
account sufficient pam_winbind.so use_first_pass use_authtok
password required pam_pwcheck.so
password sufficient pam_unix.so
password sufficient pam_winbind.so use_first_pass use_authtok
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session sufficient pam_unix.so
session sufficient pam_winbind.so use_first_pass use_authtok
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session optional pam_systemd.so
Last edited by ssl6 (2012-04-01 01:42:10)
this is a signature
Could you post the contents of your auth.log after having tried to log in locally?
Turns out, I'm an idiot... I forgot to change the /etc/pam.d/kdm.
It's working. Now the only thing left is getting my FTP server working. I'm currently running vsftp.
Here's what I get in the auth log when I try to connect to it with a domain account which works otherwise on the system:
Mar 31 19:25:28 srv-web xinetd[15245]: START: ftp pid=15246 from=10.66.1.1
Mar 31 19:25:28 srv-web vsftpd: pam_unix(ftp:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=urmom rhost=10.66.1.1 user=urmom
Mar 31 19:25:31 srv-web xinetd[15245]: EXIT: ftp pid=15246 duration=3(sec)
Mar 31 19:28:53 srv-web xinetd[15245]: START: ftp pid=15249 from=10.66.1.1
Mar 31 19:28:53 srv-web vsftpd: pam_unix(ftp:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=urmom rhost=10.66.1.1 user=urmom
Mar 31 19:28:56 srv-web xinetd[15245]: EXIT: ftp pid=15249 duration=3(sec)
I suppose the other alternative is exploring different FTP server solutions on this system.
this is a signature
I got it sorted. Turns out I still wasn't thinking...
I had to modify the /etc/pam.d/other as well.
this is a signature
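Both fixes in this thread came down to PAM consulting a different service file than the one that had been edited: kdm for the graphical login, and the other fallback for the ftp service. The following is an added example, not code from any poster, that resolves each service's effective auth stack and lists the services that never reach pam_winbind.so. It follows include/substack lines but not Debian-style @include, and SAMPLE is constructed; the kdm contents and the absence of an ftp file are assumptions.

```python
import os
import sys

# Constructed sample mirroring the thread: login was edited, kdm and other were
# not, and no "ftp" file exists (an assumption). Not taken from any real host.
SAMPLE = {
    "login": "auth sufficient pam_unix.so nullok\nauth required pam_winbind.so\n",
    "kdm": "auth include system-auth\n",
    "system-auth": "auth required pam_unix.so\n",
    "other": "auth required pam_unix.so\n",
}

def load(pam_dir):
    configs = {}
    for name in os.listdir(pam_dir):
        path = os.path.join(pam_dir, name)
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                configs[name] = fh.read()
    return configs

def _stack(name, configs, seen):
    """Module basenames on one file's auth lines, following include/substack."""
    if name in seen or name not in configs:
        return []
    seen.add(name)
    mods = []
    for line in configs[name].splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        if fields[1] in ("include", "substack"):
            mods += _stack(fields[2], configs, seen)
        else:  # first *.so token is the module, even after a [bracketed control]
            mods += [os.path.basename(f) for f in fields[2:] if f.endswith(".so")][:1]
    return mods

def auth_modules(service, configs):
    # Linux-PAM uses the "other" service when the service has no file of its own.
    return _stack(service if service in configs else "other", configs, set())

def missing(module, services, configs):
    """Services whose effective auth stack never references module."""
    return [s for s in services if module not in auth_modules(s, configs)]

if __name__ == "__main__":
    cfg = load(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for svc in missing("pam_winbind.so", sys.argv[2:] or sorted(cfg), cfg):
        print(f"{svc}: auth stack has no pam_winbind.so")
```

Run it with a directory and service names, for example `/etc/pam.d login kdm ftp`, to check a real host; with no arguments it reports on the constructed sample.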